How to respond to a data breach notification

Under the Australian Privacy Act and the Notifiable Data Breach (NDB) scheme, organisations which store your personal information and experience a notifiable data breach, must inform you of that breach, as well as the Privacy Commissioner.

An eligible data breach occurs when:

  • your personal information is lost, or is accessed or disclosed without authorisation;
  • this is likely to result in serious harm to one or more individuals; and
  • the organisation hasn’t been able to take any steps to prevent the likely risk of serious harm.

If you have received a data breach notification, you can protect yourself by:

  • Contacting the organisation which sent you the notification, if you have any questions in relation to the information that has been compromised;
  • Change your passwords for all of your online accounts, especially your online banking accounts;
  • Check your bank statements regularly to monitor for any fraudulent transactions; and
  • Keep an eye on your mental health. If the data breach is causing you significant distress, reach out to friends and family, or a support service such as IDCARE, beyondblue or Lifeline.

For more information head to