The Office of the Australian Information Commissioner (OAIC) and the New Zealand Office of the Privacy Commissioner (OPC) announced the joint privacy investigation on Tuesday,saying the collaboration would efficiently use both agencies’ resources and reduce the regulatory impact on Latitude.
“It does not preclude the OAIC and OPC reaching separate regulatory outcomes or making separate decisions regarding the most appropriate regulatory response to a breach,” the OAIC said.
The commissioners will investigate whether Latitude took reasonable steps to protect the personal information it held,and will also consider whether Latitude took reasonable steps to destroy or de-identify personal information that was no longer required.
In Australia,breaches of privacy law can be penalised with a fine of up to $50 million for each incident as well as compensation for victims to redress any loss or damage.
The federal government recently announced it would appoint a dedicated privacy commissioner for the first time since 2015 to respond to the wave of severe hacks that have led many Australians’ personal data to be exposed to criminals.