What to do if you think there’s been a privacy incident
What to do if there’s been a privacy breach or near miss
A privacy incident includes a:
- privacy breach, which occurs when there is unauthorised access, loss (including theft), or unauthorised disclosure of personal information; or a
- near miss, which is when a privacy breach could have occurred, but the incident was prevented before the information was disclosed.
If you think there has been a privacy incident (either a breach, or near miss) you should report it to the Privacy Officer as soon as possible, so that the Privacy Officer (or the Legal Team on their behalf) can assist you through the process. You can also report it to your Manager in the first instance, who will then notify the Privacy Officer.
The Privacy Officer or the Legal Team will follow the privacy incident process outlined in Managing privacy incidents guideline to take steps to:
- contain the breach and perform an initial assessment (contain)
- initiate an investigation, and evaluate the risks (evaluate)
- remedy and respond (notify)
- consider the cause and how to prevent it happening again (prevent).
For more information:
If you’re not sure if something is personal information, or you have any privacy related questions, please contact the legal team.