Privacy Act 1988

PART IIIC - NOTIFICATION OF ELIGIBLE DATA BREACHES  

Division 2 - Eligible data breach  

SECTION 26WF   EXCEPTION - REMEDIAL ACTION  


Access to, or disclosure of, information

26WF(1)    
If:


(a) an access to, or disclosure of, information is covered by paragraph 26WE(2)(a) ; and


(b) the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, takes action in relation to the access or disclosure; and


(c) the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, does so before the access or disclosure results in serious harm to any of the individuals to whom the information relates; and


(d) as a result of the action, a reasonable person would conclude that the access or disclosure would not be likely to result in serious harm to any of those individuals;

the access or disclosure is not, and is taken never to have been:


(e) an eligible data breach of the APP entity, credit reporting body, credit provider or file number recipient, as the case may be; or


(f) an eligible data breach of any other entity.

26WF(2)    
If:


(a) an access to, or disclosure of, information is covered by paragraph 26WE(2)(a) ; and


(b) the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, takes action in relation to the access or disclosure; and


(c) the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, does so before the access or disclosure results in serious harm to a particular individual to whom the information relates; and


(d) as a result of the action, a reasonable person would conclude that the access or disclosure would not be likely to result in serious harm to the individual;

this Part does not require:


(e) the APP entity, credit reporting body, credit provider or file number recipient, as the case may be; or


(f) any other entity;

to take steps to notify the individual of the contents of a statement that relates to the access or disclosure.



Loss of information

26WF(3)    
If:


(a) a loss of information is covered by paragraph 26WE(2)(b) ; and


(b) the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, takes action in relation to the loss; and


(c) the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, does so before there is unauthorised access to, or unauthorised disclosure of, the information; and


(d) as a result of the action, there is no unauthorised access to, or unauthorised disclosure of, the information;

the loss is not, and is taken never to have been:


(e) an eligible data breach of the APP entity, credit reporting body, credit provider or file number recipient, as the case may be; or


(f) an eligible data breach of any other entity.

26WF(4)    
If:


(a) a loss of information is covered by paragraph 26WE(2)(b) ; and


(b) the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, takes action in relation to the loss; and


(c) the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, does so:


(i) after there is unauthorised access to, or unauthorised disclosure of, the information; and

(ii) before the access or disclosure results in serious harm to any of the individuals to whom the information relates; and


(d) as a result of the action, a reasonable person would conclude that the access or disclosure would not be likely to result in serious harm to any of those individuals;

the loss is not, and is taken never to have been:


(e) an eligible data breach of the APP entity, credit reporting body, credit provider or file number recipient, as the case may be; or


(f) an eligible data breach of any other entity.

26WF(5)    
If:


(a) a loss of information is covered by paragraph 26WE(2)(b) ; and


(b) the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, takes action in relation to the loss; and


(c) the APP entity, credit reporting body, credit provider or file number recipient, as the case may be, does so:


(i) after there is unauthorised access to, or unauthorised disclosure of, the information; and

(ii) before the access or disclosure results in serious harm to a particular individual to whom the information relates; and


(d) as a result of the action, a reasonable person would conclude that the access or disclosure would not be likely to result in serious harm to the individual;

this Part does not require:


(e) the APP entity, credit reporting body, credit provider or file number recipient, as the case may be; or


(f) any other entity;

to take steps to notify the individual of the contents of a statement that relates to the loss.



 

Disclaimer and notice of copyright applicable to materials provided by CCH Australia Limited

CCH Australia Limited ("CCH") believes that all information which it has provided in this site is accurate and reliable, but gives no warranty of accuracy or reliability of such information to the reader or any third party. The information provided by CCH is not legal or professional advice. To the extent permitted by law, no responsibility for damages or loss arising in any way out of or in connection with or incidental to any errors or omissions in any information provided is accepted by CCH or by persons involved in the preparation and provision of the information, whether arising from negligence or otherwise, from the use of or results obtained from information supplied by CCH.

The information provided by CCH includes history notes and other value-added features which are subject to CCH copyright. No CCH material may be copied, reproduced, republished, uploaded, posted, transmitted, or distributed in any way, except that you may download one copy for your personal use only, provided you keep intact all copyright and other proprietary notices. In particular, the reproduction of any part of the information for sale or incorporation in any product intended for sale is prohibited without CCH's prior consent.