Australia: Notifying individuals about an eligible data breach

When an entity experiences a data breach, its first step should be to contain the breach where possible and take remedial action. Where serious harm cannot be mitigated through remedial action, it must notify individuals at risk of serious harm and provide a statement to the Commissioner as soon as practicable.

Source: Notifying individuals about an eligible data breach| Office of the Australian Information Commissioner – OAIC

>