Preparing for data breach notifications in Australia
What is a data breach notification?
Parties that could require notification in Australia include:
• Regulators including the Office of the Australian Information Commissioner (“OAIC”)
• Internal to an organisation
• Board of directors
• Third party contractors
• Government agencies
• Credit card companies and financial institutions
Each of these stakeholders may require different information regarding the breach. The type of information which is to be provided can be driven by the stakeholder, best practice or legal requirements.
A data breach notification is a notification informing required parties that a breach has occurred. It is intended to inform them so that they can take steps to minimise harm that could arise from the breach.
Data security is the first step when protecting information
Building the capability to proactively monitor and respond to threats
User access control helps reduce both internal and external risk of unauthorised exposure of personal information
Our organisation stores personal information in a customer
Data security User access control Responding to threats
Is customer information
Do we know who has access to personal information assets?
Has confidential information
Our organisation has a shared drive accessible by all staff.
Our organisation receives phishing emails. One of our employees mistakenly clicked a link in the email.
Get ready for mandatory data breach notifications and reduce the likelihood of reporting a breach