What should I do if there has been or if I have caused a privacy breach?
If you have become aware that your agency has been involved in a privacy breach (personal information has been lost or accidentally disclosed), there are four key steps for you to work through:
- Contain
- Assess
- Notify
- Prevent
For more information on each of the above steps, along with a helpful checklist you can use, see here(external link).
From 1 December 2020, you must report privacy breaches that have caused or are likely to cause serious harm to our office by using our online NotifyUs reporting tool. NotifyUs will also help you assess the seriousness of the privacy breach and whether you must inform our office and affected individuals.
Updated December 2020