Under the Australian Privacy Act and the Notifiable Data Breach (NDB) scheme, organisations which store your personal information and experience a notifiable data breach, must inform you of that breach, as well as the Privacy Commissioner.
An eligible data breach occurs when:
- your personal information is lost, or is accessed or disclosed without authorisation;
- this is likely to result in serious harm to one or more individuals; and
- the organisation hasn’t been able to take any steps to prevent the likely risk of serious harm.
If you have received a data breach notification, you can protect yourself by:
- Contacting the organisation which sent you the notification, if you have any questions in relation to the information that has been compromised;
- Change your passwords for all of your online accounts, especially your online banking accounts;
- Check your bank statements regularly to monitor for any fraudulent transactions; and
- Keep an eye on your mental health. If the data breach is causing you significant distress, reach out to friends and family, or a support service such as IDCARE, beyondblue or Lifeline.
For more information head to https://www.oaic.gov.au/.