PRIVACY ACT 1988

PART IIIC - NOTIFICATION OF ELIGIBLE DATA BREACHES  

Division 2 - Eligible data breach  

SECTION 26WG   26WG   WHETHER ACCESS OR DISCLOSURE WOULD BE LIKELY, OR WOULD NOT BE LIKELY, TO RESULT IN SERIOUS HARM - RELEVANT MATTERS  


For the purposes of this Division, in determining whether a reasonable person would conclude that an access to, or a disclosure of, information:


(a) would be likely; or


(b) would not be likely;

to result in serious harm to any of the individuals to whom the information relates, have regard to the following:


(c) the kind or kinds of information;


(d) the sensitivity of the information;


(e) whether the information is protected by one or more security measures;


(f) if the information is protected by one or more security measures - the likelihood that any of those security measures could be overcome;


(g) the persons, or the kinds of persons, who have obtained, or who could obtain, the information;


(h) if a security technology or methodology:


(i) was used in relation to the information; and

(ii) was designed to make the information unintelligible or meaningless to persons who are not authorised to obtain the information;
the likelihood that the persons, or the kinds of persons, who:

(iii) have obtained, or who could obtain, the information; and

(iv) have, or are likely to have, the intention of causing harm to any of the individuals to whom the information relates;
have obtained, or could obtain, information or knowledge required to circumvent the security technology or methodology;


(i) the nature of the harm;


(j) any other relevant matters.

Note:

If the security technology or methodology mentioned in paragraph (h) is encryption, an encryption key is an example of information required to circumvent the security technology or methodology.




This information is provided by CCH Australia Limited Link opens in new window. View the disclaimer and notice of copyright.