What is a data breach and when do I need to notify?

A data breach happens when personal information is accessed or disclosed without authorisation, or is lost.

You need to notify a data breach:

  • If you are unable to prevent the likely risk of serious harm with remedial action
  • When it is likely to result in serious harm to any of the individuals to whom the information relates to

‘Serious harm’ is not defined in the Privacy Act. In the context of a data breach, serious harm to an individual may include serious physical, psychological, emotional, financial, or reputational harm.