Privacy – Notifiable data breaches

Have you ever sent an email to the wrong recipient? Left important documents on the train?

If so, your organisation may have been the subject of a ‘data breach’ and may have reporting obligations under the Privacy Act.

Organisations must notify the Information Commissioner and all individuals whose personal information is involved in a data breach, where that breach is likely to result in serious harm.

If you suspect a data breach has occurred that is likely to result in harm, it is important to act quickly. Individuals must be notified and given advice on the steps that they can take to protect themselves.

The best way to ensure that you respond properly to a data breach is to have a plan in place before the breach occurs.

For more information contact our Privacy team or head to OAIC – Data Breach Guidance.