How To Report A Data Breach

In February 2018, the Australian Privacy Act changed to incorporate data breach obligations and responsibilities for businesses. When unauthorised access to or disclosure of personal information that your business holds occurs, the breach needs to be reported to the Office of the Australian Information Commissioner (OAIC).

When an organisation or agency the Privacy Act 1988 covers has reasonable grounds to believe an eligible data breach has occurred, they must promptly notify any individual at risk of serious harm. They must also notify us.

An eligible data breach occurs when the following criteria are met:

  • There is unauthorised access to or disclosure of personal information held by an organisation or agency (or information is lost in circumstances where unauthorised access or disclosure is likely to occur).
  • This is likely to result in serious harm to any of the individuals to whom the information relates.
  • The organisation or agency has been unable to prevent the likely risk of serious harm with remedial action.

How do you report a breach when it occurs? And who do you report it to?

Legislation requires that any data breach be reported to the Australian Information Commissioner and affected individuals as soon as practicable. The affected individuals could be customers and/or staff.

Eligible breaches include instances of unauthorised access or disclosure of information, loss or theft of a device containing personal information and the hacking of a database.

Depending upon the severity of the breach and the potential for harm, it may be necessary to prepare and submit a formal report.


The report requires the following to be disclosed:

When you notify us and any affected individuals include:

  • your organisation or agency’s name and contact details
  • a description of the data breach
  • the kinds of information involved
  • recommendations about the steps individuals should take in response to the data breach

For more information on notifications, see Data Breach Preparation and Response.

When it comes to describing the breach, enough detail should be included to allow individuals to understand the potential impact of the breach. The description might include:

  • The date the breach occurred
  • The date the organisation became aware of the breach
  • The circumstances as they relate to the breach, including any known causes
  • Who is responsible for the breach, if known, and who is likely to have access to the information.

When it comes to giving advice to individuals with regard to protecting themselves, this will largely depend upon the kind of information that was involved in the breach. For example, if the breach involved bank account information, you might recommend the person contact their financial institution.

Report A Data Breach Now

You can use the OAIC online form to Report a Data Breach.

With the right cyber security strategy in place, you can minimise the risk of a breach occurring. If you don’t have a strategy, now is the time to establish one. If you do, now is the time to review its currency and relevance to your business and the way it operates today.

How To Prevent Data Breaches

Prevention is better than the cure, especially when it comes to data breaches. Did you know that simple human error was responsible for more than a third of data breaches in Australia in the last year, according to the Australian privacy commissioner? Read more about the practical steps your business can take to implement best-practice procedures and prevent a data breach.

Need Help?

If you need any assistance with your cyber security or you don’t know where to start, please call Surety IT on 1300 478 738 or contact us online.



About the author:

Ash Klemm


Ash has over 20 years of experience in sales and marketing. His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight to find solutions and help businesses grow. After spending several years in the ivory tower of state management, Ash missed the genuine connection of face-to-face meetings and helping make a difference to businesses in need. His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in-house chair builder. His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.