What is a data breach?

    Data breach means unauthorised access to, or unauthorised disclosure of, personal information or a loss of personal information. 

    Examples of a data breach are when a device containing personal information is lost or stolen, an entity’s database containing personal information is hacked or an entity mistakenly provides personal information to the wrong person.

    What makes a data breach serious?

    A notifiable data breach means a data breach that is likely to result in serious harm to an individual and/or group. For example, information about someone’s health or finances are considered sensitive data. The use of the data eg. Identity theft or defamation and how many people are impacted are also reasons where the affected person would be notified.  

    Would I be notified of all data breaches?

    If a breach occurs, an evaluation of the scope and possible impact will occur. If Council has responded quickly to the breach, and because of this action the data breach is not likely to result in serious harm, then the individuals and the Office of the Australian Information Commissioner will not usually be contacted. The Privacy Officer and/or Council staff may decide to advise the affected individuals about the incident for the sake of transparency.