A data breach happens when personal information is accessed or disclosed without authorisation, or is lost.
You need to notify a data breach:
- If you are unable to prevent the likely risk of serious harm with remedial action
- When it is likely to result in serious harm to any of the individuals to whom the information relates to
‘Serious harm’ is not defined in the Privacy Act. In the context of a data breach, serious harm to an individual may include serious physical, psychological, emotional, financial, or reputational harm.