Australian legislation requires a business to notify the Australian regulator and the individuals whose data is compromised if it suffers a data breach. Here's our guide to composing a policy that complies with the law and protects the data your company holds.
A data breach notification policy in Australia sets out how a business responds to unauthorised access to, distribution of or loss of personal information that it holds. If the company is governed by the Privacy Act 1988, the data breach notification scheme that came into effect in 2018 requires it to report any breach of data security that could result in personal harm to the Office of the Australian Information Commissioner (OAIC) and to the individuals affected.
According to the OAIC, the policy should outline your company's strategy for containing, assessing and managing the incident from start to finish. The policy applies to all employees, contractors and any third party that collects or manages personal data on behalf of the business.
If your company operates or holds data on customers in the European Union, it has additional reporting obligations under the European General Data Protection Regulation (GDPR) law.
A company that collects and stores personal information, such as addresses and credit card numbers of customers, should have a written policy in place so that if the security of the data is compromised it can investigate and respond immediately, as required by the law.
You should regularly test and review your company's data breach response plan – especially when launching new products or services that involve collecting data – to make sure that the procedures in place are fit for purpose. New employees should be made aware of the policy and all employees that should be involved in a response should have easy access to the document for reference.
A privacy policy covers how a company handles the personal information it stores, while a data breach notification policy specifically details the company's plan for how it will respond if the security of the data is compromised.
A data breach policy sets out the responsibilities of specific employees in managing a data breach. It details the steps the company will take to respond to a breach and the obligations it has to report the breach.
An effective policy includes a comprehensive plan to reduce the risk of damage to the company's operations and reputation. It should:
The policy document should not include legal jargon or confusing instructions. It should contain detailed information about the company's data security procedures, but it should not include confidential information about the security systems, such as passwords.
A data breach notification policy that enables a rapid and comprehensive response is effective in making sure that a company complies with its legal obligations. By responding immediately and limiting the impact of the breach, a company can reduce the costs involved and minimise the damage to its reputation.
You can find resources online to help you write a data breach policy. However, given the serious impact a data breach can have on a company's reputation and finances, it is advisable to have a data protection lawyer review your policy document, or have them draft it for you.
A data breach policy should be written in clear language that provides detailed instructions, so employees understand their roles. It should be structured with subheadings, bullet points and numbered lists so it is easy to read and reference quickly in the event that there is a data breach.