In January 2015 the Office of the Australian Information Commissioner published a guide to "securing personal information" by recommending reasonable steps to protect personal information.

 This includes a discussion on what amounts to personal information security, the information life-cycle and what amounts to taking reasonable steps to protect personal information.  Special consideration is given to governance, culture and training, internal practices, ICT Security, third-party providers including cloud computing, data breaches, physical security and destruction or de-identification of personal information.

 A copy of the guide can be found here.