Start of content
13 November, 2018 - 10:15

The protection of peoples’ privacy and the security is paramount for the Agency.

The Agency has significantly invested in capability and capacity in privacy and cyber security with over 100 operations staff working around the clock on security and privacy monitoring and protections.

Additionally, the Agency has a dedicated cyber security operations team and specialist cell of cyber security threat intelligence analysts.

The Agency also has a small team dedicated to privacy policy, which supports the ongoing improvement of the Agency’s privacy framework and supports a team within the Department of Health which is responsible for setting policy and legislation as it relates to the My Health Record.

These functions come together in an experienced and well-resourced privacy and security function, which is dedicated to delivering on our statutory obligations and building exemplary standards in privacy and security.

The Agency’s privacy activities are independently assessed by the Office of the Australian Information Commissioner. To date the Agency has never received an adverse finding from this independent oversight.

Public comments reported on the departure of the past Director of Privacy Policy

Out of respect for the privacy of staff, the Agency does not discuss individual members of staff in media responses.

However, in light of recent media, the Agency acknowledges that the Director of Privacy Policy recently resigned from the Agency to take up a new career opportunity. She was a highly valued member of our team and we wish this capable professional all the very best in her new role. The incoming Director of Policy and Privacy holds a PhD in digital health and has been working on national electronic health records for over 20 years and brings substantial expertise in privacy policy and legislation to the role.

The Agency strongly rejects statements made in the media regarding the circumstances of the former Director’s departure. At no time has a complaint been raised with the Agency executive by any staff member about concerns with the Privacy Policy functions or with the privacy protections of the My Health Record system.