• tombruzzo
    link
    fedilink
    arrow-up
    6
    ·
    3 months ago

    I remember I had some compliance training on this recently. Maybe start with informing the vendor and if you don’t like their response, go to the victim and the OAIC

    • Baku
      link
      fedilink
      English
      arrow-up
      4
      ·
      3 months ago

      Oh, how cool’s that? I literally just finished my TAFE class, got out, and this is the first thing I see. We just had an assessment about privacy breaches and the complaints process, and this was basically my answer for the complaints process

      Strong agree with what you said. Although personally, I do somewhat feel a moral responsibility to tell the victim. It’s a tricky one though, especially if you go to the vendor as well, there may be some blowback because they know who told the victim, and if they stop working with the vendor, I imagine they’re likely to blame OP.

      Tldr: vendor first, then victim and OAIC is the advisable and smart approach, victim first then the vendor is the less smart approach, but also the one I think I’d feel compelled to take