this post was submitted on 01 Sep 2024
19 points (95.2% liked)
Melbourne
1870 readers
53 users here now
This community is a place created for the people of Melbourne and Victoria. We are a positive, welcoming and inclusive community. We might not agree about everything, but we always strive to stay civil and respectful.
The focus of our discussions is based around things that affect Victoria, but we are also free to discuss our local perspective on wider issues. Or head to the regular Daily Random Discussion thread to talk about anything.
Ongoing discussions, FAQs & Resources (still under construction)
Adoption Certificate for Nellie, the Daily Thread numbat (with thanks to @Catfish)
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
So I noticed a company had put up a poorly redacted screenshot of a customer order, so basically they just gave away a personβs name, email address and physical address on Instagram.
What would you do?
Inform the victim
Inform the vendor
Contact OAIC
Email 131444
I remember I had some compliance training on this recently. Maybe start with informing the vendor and if you don't like their response, go to the victim and the OAIC
Oh, how cool's that? I literally just finished my TAFE class, got out, and this is the first thing I see. We just had an assessment about privacy breaches and the complaints process, and this was basically my answer for the complaints process
Strong agree with what you said. Although personally, I do somewhat feel a moral responsibility to tell the victim. It's a tricky one though, especially if you go to the vendor as well, there may be some blowback because they know who told the victim, and if they stop working with the vendor, I imagine they're likely to blame OP.
Tldr: vendor first, then victim and OAIC is the advisable and smart approach, victim first then the vendor is the less smart approach, but also the one I think I'd feel compelled to take