Australia: Announced OAIC and OPC Joint Investigation into Latitude Group regarding Data Breach

On 10 May 2023, the Office of the Australian Information Commissioner (OAIC) and the New Zealand Office of the Privacy Commissioner (OPC) jointly announced the initiation of an investigation into the Latitude group of companies (Latitude) due to a data breach that occurred on 12 March 2023. According to the agencies, the breach caused significant exposure of personal information of citizens of both countries, including drivers licences, passports, and sensitive financial data. The OAIC and OPC aim to investigate whether Latitude undertook the required steps to protect the personal information held by it and to deidentify or destroy the personal information that it no longer needed. Further, the investigation will focus on how the breach occurred and Latitude's response to discovering the breach. According to the agencies, the joint investigation will allow the agencies to share their resources without precluding them from reaching different regulatory outcomes or choosing different regulatory measures.