Notifying the Privacy Commissioner
An entity is required to prepare a statement notifying the Privacy Commissioner of an eligible data breach and to send it the Privacy Commissioner as soon as practicable.
This statement should contain:
- the entity’s identity and contact details;
- a description of the eligible data breach that the entity has reasonable grounds to believe has happened;
- the kind or kinds of information concerned; or
- recommendations about the steps that individuals should take in response to the eligible data breach.