PRIVACY ACT 1988

PART IIIC - NOTIFICATION OF ELIGIBLE DATA BREACHES  

Division 3 - Notification of eligible data breaches  

Subdivision A - Suspected eligible data breaches  

SECTION 26WH   ASSESSMENT OF SUSPECTED ELIGIBLE DATA BREACH  

Scope

26WH(1)  
This section applies if:


(a) an entity is aware that there are reasonable grounds to suspect that there may have been an eligible data breach of the entity; and


(b) the entity is not aware that there are reasonable grounds to believe that the relevant circumstances amount to an eligible data breach of the entity. Assessment

26WH(2)  
The entity must:


(a) carry out a reasonable and expeditious assessment of whether there are reasonable grounds to believe that the relevant circumstances amount to an eligible data breach of the entity; and


(b) take all reasonable steps to ensure that the assessment is completed within 30 days after the entity becomes aware as mentioned in paragraph (1)(a).

Note:

Section 26WK applies if an entity is aware that there are reasonable grounds to believe that there has been an eligible data breach of the entity.




This information is provided by CCH Australia Limited Link opens in new window. View the disclaimer and notice of copyright.