Notifying the Privacy Commissioner

An entity is required to prepare a statement notifying the Privacy Commissioner of an eligible data breach and to send it the Privacy Commissioner as soon as practicable.

This statement should contain:

  • the entity’s identity and contact details;
  • a description of the eligible data breach that the entity has reasonable grounds to believe has happened;
  • the kind or kinds of information concerned; or
  • recommendations about the steps that individuals should take in response to the eligible data breach.