While health institutions around the world work to secure patients’ personal information and prevent the hacking or leaking of data from their systems, one Melbourne hospital is being investigated after medical records were found lying in a gutter in a nearby street.

Fairfax Media reports Australia’s Privacy Commissioner Timothy Pilgrim is investigating how the paper records of 31 patients of the John Fawkner Private Hospital were removed from the premises last month.

The documents, which were found by a local resident, were sent to both the Privacy Commissioner, and Victoria’s Health Complaints Commissioner.

Under current legislation, there is no obligation for the hospital to notify the affected patients that their privacy has been breached. All this will change under the new data breach notification laws, which were passed by the Australian government last month, and are expected to come into force within the next 12 months.

This breach is a timely reminder for all businesses, government agencies and other organisations covered by Australia’s privacy laws to take stock of how they store personal information – whether it be in a filing cabinet, on a hard-drive, or in a cloud – and ensure it is secure.