Home / Privacy / Guidance and advice

Data breach preparation and response

RSS feed

This guide assists organisations and agencies to prepare for and respond to data breaches in line with their obligations under the Privacy Act 1988. Read Part 4 for guidance on the NDB Scheme.

Download the print version

Foreword

13 July 2019
Commissioner's introduction to the Data Breach Preparation and Response Guide
Read more: Foreword

Purpose and structure of this guide

13 July 2019
An overview of the Data Breach Preparation and Response Guide
Read more: Purpose and structure of this guide

Part 1: Data breaches and the Australian Privacy Act

13 July 2019
This section outlines the requirements of the Privacy Act that relate to personal information security and data breach response strategy. The principles contained within the Privacy Act for the handling of personal information may be adopted by any entity to lower the risk of a data breach occurring and to effectively reduce the impact of a data breach.
Read more: Part 1: Data breaches and the Australian Privacy Act

Part 2: Preparing a data breach response plan

13 July 2019
The faster an entity responds to a data breach, the more likely it is to effectively limit any negative consequences. A data breach response plan is essential to facilitate a swift response and ensure that any legal obligations are met following a data breach.
Read more: Part 2: Preparing a data breach response plan

Part 3: Responding to data breaches — four key steps

13 July 2019
An effective data breach response generally follows a four-step process — contain, assess, notify, and review. This section outlines key considerations for each of these steps to assist entities in preparing an effective data breach response.
Read more: Part 3: Responding to data breaches — four key steps

Part 4: Notifiable Data Breach (NDB) Scheme

13 July 2019
This section outlines the requirements of the NDB scheme under the Privacy Act. The NDB scheme contains mandatory data breach reporting obligations in relation to certain data breaches, and requirements to assess suspected data breaches.
Read more: Part 4: Notifiable Data Breach (NDB) Scheme

Part 5: Other sources of information

13 July 2019
The obligations of the Privacy Act in relation to data breaches co-exist with other reporting obligations. This section assists entities in identifying where they can find information about other data breach reporting requirements.
Read more: Part 5: Other sources of information

Appendix A: Key terms

13 July 2019
Key terms used in the Data Breach Preparation and Response Guide
Read more: Appendix A: Key terms