A data breach occurs where personal information has been accessed or disclosed without
proper authorisation. If your organisation adheres to the Privacy Act 1988, it is your
responsibility to notify anyone affected by a data breach in your organisation where there has
been unauthorised access/disclosure of personal information that has the potential to result in
serious harm (OAIC, 2020).

Examples of a data breach can be as follows:
• Losing a device containing personal information about a client
• Having a device containing personal information about a client stolen
• A hacker accesses personal information about clients
• An email containing personal information about a client is forwarded/ sent to the wrong
person
• Proper security measures weren’t taken or weren’t in place to identify a client over the
phone and then personal information was disclosed.

Where this occurs, it is the duty of the organisation to notify the individual and provide recommendations to handle the data breach (OAIC, 2020). For more on Data Breaches and the Notifiable Data Breach Scheme CLICK HERE