PRIVACY ACT 1988

PART IIIC - NOTIFICATION OF ELIGIBLE DATA BREACHES  

Division 3 - Notification of eligible data breaches  

Subdivision B - General notification obligations  

SECTION 26WK   STATEMENT ABOUT ELIGIBLE DATA BREACH  

Scope

26WK(1)  
This section applies if an entity is aware that there are reasonable grounds to believe that there has been an eligible data breach of the entity. Statement

26WK(2)  
The entity must:


(a) both:


(i) prepare a statement that complies with subsection (3); and

(ii) give a copy of the statement to the Commissioner; and


(b) do so as soon as practicable after the entity becomes so aware.

26WK(3)  
The statement referred to in subparagraph (2)(a)(i) must set out:


(a) the identity and contact details of the entity; and


(b) a description of the eligible data breach that the entity has reasonable grounds to believe has happened; and


(c) the kind or kinds of information concerned; and


(d) recommendations about the steps that individuals should take in response to the eligible data breach that the entity has reasonable grounds to believe has happened.

26WK(4)  
If the entity has reasonable grounds to believe that the access, disclosure or loss that constituted the eligible data breach of the entity is an eligible data breach of one or more other entities, the statement referred to in subparagraph (2)(a)(i) may also set out the identity and contact details of those other entities.




This information is provided by CCH Australia Limited Link opens in new window. View the disclaimer and notice of copyright.