Medibank

Comprehensive policy with clear scope statement, detailed contents structure, glossary of terms, specific contact information, and current effective date. Strong introductory summary and commitment to notify significant changes.

Comprehensive list of use purposes but includes broad catch-all clauses like 'general functions and activities.' Marketing consent and opt-out mechanisms are well-defined, though some purposes remain vague.

Clear privacy officer contact details, formal complaint process, and commitment to review policy when appropriate. Good notification mechanisms for significant changes and external escalation pathway to OAIC.

Detailed enumeration of personal information types including sensitive data, multiple collection methods specified, and clear legal basis. Good coverage of biometric data, health information, and automated collection methods with opt-out options.

Specific categories of third parties identified with clear purposes, named countries for overseas disclosure, and consent requirements for certain sharing. Good coverage of health insurance, wellbeing programs, and government disclosure scenarios.

Limited security measures disclosed - mainly identity verification methods and fraud prevention activities. Lacks specific technical safeguards, encryption details, or comprehensive security framework beyond basic authentication.

Comprehensive list of 14 countries specified for overseas disclosure with clear purposes, but lacks details on adequacy mechanisms, binding corporate rules, or specific safeguards to protect data overseas.

Strong coverage of access and correction rights with specific timeframes (30 days), detailed contact mechanisms, formal complaint process, and clear escalation to OAIC. Marketing opt-out rights are comprehensive with multiple methods.

No relevant claims found in policy.

No specific findings.

Clear age threshold of 16 years with specific consent requirements and disclosure restrictions for health insurance claims. Includes family violence protections but limited to health insurance context.