Responsibility to Act Quickly on Data Breaches

28th September 2020

Data breaches are security violations in which sensitive, protected or confidential data such as credit card and bank details, personal health records and intellectual property is copied, transmitted or stolen by unauthorised persons. The RMB Lawyers Business & Commercial Transactions division explains the process for companies or individuals that experience a data breach.

With more data being stored electronically and hackers becoming more skilled and harder to stop, data breaches are becoming more common. The Privacy Act 1988 is the governing law on data breaches in Australia, and the Office of the Australian Information Commissioner is the body that handles them.

To put it simply, a breach is any unauthorised access to, unauthorised disclosure of, or loss of, personal information held by you or your business. If that access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates, then this is a notifiable breach and you must take action.

It is important that you know what a breach is for you and your business and understand which principles or codes directly apply to you.

You have to notify the people to whom the data relates when:

  1. A breach occurs that may result in serious harm to the individuals to whom that data relates; or
  2. You have reasonable grounds to believe a breach has occurred and that breach may result in serious harm to the individuals to whom that data relates; or
  3. You are directed to make a notification by the Australian Information Commissioner.

You have to tell the people to whom the data relates and the Office of the Australian Information Commissioner as soon as is practicable after you are made aware of or have developed the reasonable suspicion of the breach.

You must prepare and send a statement that sets out:

  1. Your contact details, or those of the business;
  2. A description of the breach;
  3. The information that the breach relates to; and
  4. The steps those individuals should take in response to the breach.

You must also provide a copy of this statement to the Office of the Australian Information Commissioner.

If you are unsure of your responsibilities, RMB Lawyers has skilled lawyers who can help you or your business find the answers to your data breach questions. Contact our office to arrange a free consultation. You can contact us by phone or through the 'Ask a Question' tool on our website.
