Following consultation, the Notifiable Data Breaches (NDB) scheme resources have been finalised. You can view all of the resources on our NDB webpage.
Under the NDB scheme, agencies and organisations regulated by the Australian Privacy Act will be obligated to notify individuals affected by a data breach that is likely to result in serious harm (an ‘eligible data breach’). The Australian Information Commissioner must also be notified.
The NDB resources cover:
- which agencies and organisations have obligations under the scheme, including in instances where multiple parties are affected by an eligible data breach
- how to identify an eligible data breach
- exceptions to notification obligations
- how to notify affected individuals and the Commissioner
- the role of the OAIC in the scheme
We are currently updating two resources, ‘Data breach notification — A guide to handling personal information security breaches’ and ‘Guide to developing a data breach response plan’, to develop a comprehensive guide to data breach management responsibilities and best practice.
The updated guide is expected to be released in early 2018. Sign up to the OAIC’s Privacy Professionals’ Network (PPN) newsletter to keep up-to-date with our latest privacy resource releases.