So I noticed a company had put up a poorly redacted screenshot of a customer order, so basically they just gave away a person’s name, email address and physical address on Instagram.
I remember I had some compliance training on this recently. Maybe start with informing the vendor and if you don’t like their response, go to the victim and the OAIC
Oh, how cool’s that? I literally just finished my TAFE class, got out, and this is the first thing I see. We just had an assessment about privacy breaches and the complaints process, and this was basically my answer for the complaints process
Strong agree with what you said. Although personally, I do somewhat feel a moral responsibility to tell the victim. It’s a tricky one though, especially if you go to the vendor as well, there may be some blowback because they know who told the victim, and if they stop working with the vendor, I imagine they’re likely to blame OP.
Tldr: vendor first, then victim and OAIC is the advisable and smart approach, victim first then the vendor is the less smart approach, but also the one I think I’d feel compelled to take
So I noticed a company had put up a poorly redacted screenshot of a customer order, so basically they just gave away a person’s name, email address and physical address on Instagram.
What would you do?
Inform the victim
Inform the vendor
Contact OAIC
Email 131444
I remember I had some compliance training on this recently. Maybe start with informing the vendor and if you don’t like their response, go to the victim and the OAIC
Oh, how cool’s that? I literally just finished my TAFE class, got out, and this is the first thing I see. We just had an assessment about privacy breaches and the complaints process, and this was basically my answer for the complaints process
Strong agree with what you said. Although personally, I do somewhat feel a moral responsibility to tell the victim. It’s a tricky one though, especially if you go to the vendor as well, there may be some blowback because they know who told the victim, and if they stop working with the vendor, I imagine they’re likely to blame OP.
Tldr: vendor first, then victim and OAIC is the advisable and smart approach, victim first then the vendor is the less smart approach, but also the one I think I’d feel compelled to take