Latitude Financial faces first-ever joint A/NZ privacy investigation
Latitude Financial is facing a joint investigation by privacy watchdogs in Australia and New Zealand over its personal information handling practices following a large-scale data breach.
The Office of the Australian Information Commissioner (OAIC) and the New Zealand Office of the Privacy Commissioner (OPC) announced the joint investigation, following “preliminary inquiries into the matter by both offices.”
It’s the first time the two organisations have collaborated in such a way, but it “reflects the impact of the data breach on individuals in both countries”, they said.
The watchdogs also said a shared investigation would enable efficient use of resourcing and “reduce the regulatory impact on Latitude”, which could otherwise face multiple privacy-related investigations.
As this is their first joint investigation, the OAIC and OPC said they may still make “separate decisions regarding the most appropriate regulatory response to a breach”.
The OAIC said it is particularly interested in “whether Latitude took reasonable steps to protect the personal information they held from misuse, interference, loss, unauthorised access, modification or disclosure.”
“The investigation will also consider whether Latitude took reasonable steps to destroy or de-identify personal information that was no longer required,” the office said in a statement.
An adverse finding against Latitude could open it to directions to fix its systems, “redress any loss or damage”, and potentially fines of up to $50 million per contravention of the Privacy Act if the OAIC sought them in the Federal Court.
First revealed in mid-March, the Latitude breach exposed more than 14 million records, some dating back decades.