Privacy Act 1988
PART IIIC
-
NOTIFICATION OF ELIGIBLE DATA BREACHES
Division 3
-
Notification of eligible data breaches
Subdivision B
-
General notification obligations
SECTION 26WK
STATEMENT ABOUT ELIGIBLE DATA BREACH
Scope
26WK(1)
This section applies if an entity is aware that there are reasonable grounds to believe that there has been an eligible data breach of the entity.
Statement
26WK(2)
The entity must: (a) both:
26WK(3)
The statement referred to in subparagraph (2)(a)(i) must set out: (a) the identity and contact details of the entity; and (b) a description of the eligible data breach that the entity has reasonable grounds to believe has happened; and (c) the particular kind or kinds of information concerned; and (d) recommendations about the steps that individuals should take in response to the eligible data breach that the entity has reasonable grounds to believe has happened.
26WK(4)
If the entity has reasonable grounds to believe that the access, disclosure or loss that constituted the eligible data breach of the entity is an eligible data breach of one or more other entities, the statement referred to in subparagraph (2)(a)(i) may also set out the identity and contact details of those other entities.
View history note
Hide history noteScope
26WK(1)
This section applies if an entity is aware that there are reasonable grounds to believe that there has been an eligible data breach of the entity.
Statement
26WK(2)
The entity must: (a) both:
(i) prepare a statement that complies with subsection (3) ; and
(b) do so as soon as practicable after the entity becomes so aware.
(ii) give a copy of the statement to the Commissioner; and
26WK(3)
The statement referred to in subparagraph (2)(a)(i) must set out: (a) the identity and contact details of the entity; and (b) a description of the eligible data breach that the entity has reasonable grounds to believe has happened; and (c) the particular kind or kinds of information concerned; and (d) recommendations about the steps that individuals should take in response to the eligible data breach that the entity has reasonable grounds to believe has happened.
26WK(4)
If the entity has reasonable grounds to believe that the access, disclosure or loss that constituted the eligible data breach of the entity is an eligible data breach of one or more other entities, the statement referred to in subparagraph (2)(a)(i) may also set out the identity and contact details of those other entities.
This information is provided by CCH Australia Limited Link opens in new window. View the disclaimer and notice of copyright.