Privacy Act 1988
PART IIIC
-
NOTIFICATION OF ELIGIBLE DATA BREACHES
Division 3
-
Notification of eligible data breaches
Subdivision A
-
Suspected eligible data breaches
SECTION 26WH
ASSESSMENT OF SUSPECTED ELIGIBLE DATA BREACH
Scope
26WH(1)
This section applies if:
(a) an entity is aware that there are reasonable grounds to suspect that there may have been an eligible data breach of the entity; and
(b) the entity is not aware that there are reasonable grounds to believe that the relevant circumstances amount to an eligible data breach of the entity.
Assessment
26WH(2)
The entity must:
(a) carry out a reasonable and expeditious assessment of whether there are reasonable grounds to believe that the relevant circumstances amount to an eligible data breach of the entity; and
(b) take all reasonable steps to ensure that the assessment is completed within 30 days after the entity becomes aware as mentioned in paragraph (1)(a).
View history note
Hide history noteScope
26WH(1)
This section applies if:
(a) an entity is aware that there are reasonable grounds to suspect that there may have been an eligible data breach of the entity; and
(b) the entity is not aware that there are reasonable grounds to believe that the relevant circumstances amount to an eligible data breach of the entity.
Assessment
26WH(2)
The entity must:
(a) carry out a reasonable and expeditious assessment of whether there are reasonable grounds to believe that the relevant circumstances amount to an eligible data breach of the entity; and
(b) take all reasonable steps to ensure that the assessment is completed within 30 days after the entity becomes aware as mentioned in paragraph (1)(a).
Note:
Section 26WK applies if an entity is aware that there are reasonable grounds to believe that there has been an eligible data breach of the entity.
This information is provided by CCH Australia Limited Link opens in new window. View the disclaimer and notice of copyright.