Reading time: 3 minutes

It is a legal requirement on businesses, agencies and organisations to notify individuals when a breach of security has resulted in the disclosure of personal information. This data breach notification is required by the Privacy Act 1988 (Cth) – agencies and organisations are required to take reasonable steps to maintain the security of the personal information they collect. Any information that is misused, interfered with, or lost from unauthorised access, modification or disclosure must be disclosed. Notification of a data breach supports good privacy practice.

Data Breaches

Data breaches are not limited to malicious actions, such as theft or ‘hacking’, but may arise from internal errors or failure to follow information handling policies that cause accidental loss or disclosure. If a data breach takes place, notification can be an important mitigation strategy. It can also promote transparency and trust in the organisation or agency.

Examples of data breaches:

  • lost or stolen laptops and storage devices
  • hacking of databases
  • employees accessing unauthorised information
  • paper records stolen
  • an individual deceiving an agency or organisation into improperly releasing the personal information of another person

Reasonable Steps to Prevent Breaches of Data

Organisations are required to prepare and implement a data breach policy and response plan. This should include notifying affected individuals and the OAIC (Office of the Australian Information Commissioner) of any breach. If there is a real risk of serious harm as a result of any breach of data, the OAIC should be notified.

Responding to a Data Breach

There are four key steps to consider when responding to a breach or suspected breach:

  • Step 1: Contain the breach and do a preliminary assessment. This involves taking immediately steps to contain the breach and designate a person or team to coordinate response.
  • Step 2: Evaluate the risks associated with the breach. Consider what personal information is involved.
  • Step 3: Notification. This will involve a risk analysis.
  • Step 4: Prevent future breaches by fully investigating the cause of the breach.

In determining notification, agencies should notify the individuals affected by the breach. However, in some cases it may be appropriate to notify the individual’s guardian or authorised representative on their behalf. The OAIC strongly encourages agencies and organisations to report serious data breaches to the OAIC. The precise wording of the notification notice may have legal implications. Organisations should seek legal advice. The legal implications could include secrecy obligations that apply to agencies.

Preventing Future Data Breaches

In preventing future data breaches, organisations and agencies should implement a breach response plan or a breach response team to handle incidents from occurring again. Enhancing transparency through internal communication and training can also prevent future breaches.

Conclusion

If your business, organisation or agency has been involved in a data breach, our lawyers can assist you with your obligations in complying with the Privacy Act. Please call our office on 1300 544 755 and our Client Care team will happily provide you with an obligation-free consultation and a fixed-fee quote.

Webinars

COVID-19 Vaccines In The Workplace

Thursday 10 February | 11:00 - 11:45am

Online
Can you compel employees to have a COVID-19 vaccine? Understand your rights and responsibilities as an employer. Register today for our free webinar.
Register Now

Preventing Wage Underpayment In Your Franchise

Wednesday 16 February | 11:00 - 11:45am

Online
Learn how to identify and prevent wage underpayment in your franchise. Register today for our free webinar.
Register Now

How to Prevent and Manage Commercial Contract Disputes

Thursday 24 February | 11:00 - 11:45am

Online
Learn how to prevent and manage common commercial contract disputes. Register today for our free webinar.
Register Now

About LegalVision: LegalVision is a commercial law firm that provides businesses with affordable and ongoing legal assistance through our industry-first membership.

By becoming a member, you'll have an experienced legal team ready to answer your questions, draft and review your contracts, and resolve your disputes. All the legal assistance your business needs, for a low monthly fee.

Learn more about our membership

Need Legal Help? Get a Free Fixed-Fee Quote

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

Our Awards

  • 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice Winner – Australasian Lawyer
  • 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2020 AFR Fast 100 List - Australian Financial Review
  • 2021 Law Firm of the Year - Australasian Law Awards
  • 2019 Most Innovative Firm - Australasian Lawyer