Data breach preparation and response
This guide assists organisations and agencies to prepare for and respond to data breaches in line with their obligations under the Privacy Act 1988. Read Part 4 for guidance on the NDB Scheme.
13 July 2019
Commissioner's introduction to the Data Breach Preparation and Response Guide
13 July 2019
An overview of the Data Breach Preparation and Response Guide
This section outlines the requirements of the Privacy Act that relate to personal information security and data breach response strategy. The principles contained within the Privacy Act for the handling of personal information may be adopted by any entity to lower the risk of a data breach occurring and to effectively reduce the impact of a data breach.
13 July 2019
The faster an entity responds to a data breach, the more likely it is to effectively limit any negative consequences. A data breach response plan is essential to facilitate a swift response and ensure that any legal obligations are met following a data breach.
An effective data breach response generally follows a four-step process — contain, assess, notify, and review. This section outlines key considerations for each of these steps to assist entities in preparing an effective data breach response.
13 July 2019
This section outlines the requirements of the NDB scheme under the Privacy Act. The NDB scheme contains mandatory data breach reporting obligations in relation to certain data breaches, and requirements to assess suspected data breaches.
13 July 2019
The obligations of the Privacy Act in relation to data breaches co-exist with other reporting obligations. This section assists entities in identifying where they can find information about other data breach reporting requirements.
13 July 2019
Key terms used in the Data Breach Preparation and Response Guide