- Get free trial for practice areas as below
- Business
- Consumer
- Corporations
- Criminal
- Employment
- Family
- General Counsel
- Governance
- Immigration
- Intellectual Property
- Personal Injury NSW
- Personal Injury Qld
- Personal Injury Vic
- Personal Property Security
- Property
- Succession
- Work Health & Safety
- Tax
- Mergers & Acquisitions
- Banking & Finance
- Social Justice
- Cybersecurity, Data Protection & Privacy
- Insolvency
- Competition
- Mandatory data breach notification
- Consequences of failing to comply with data breach notification regime
Receiving a direction to notify from the Privacy Commissioner
If the Privacy Commissioner is aware that there are reasonable grounds to believe an entity has experienced an eligible data breach, the Privacy Commissioner may direct the entity to prepare a notification statement. An entity must comply with this direction as soon as practicable.
However, the Privacy Commissioner must first invite the entity to make a submission in relation to the direction. The Privacy Commissioner will consider the contents of this submission, along with other relevant advice given by third parties and any other such relevant matters, before deciding whether to give a direction to notify.
The notification statement required to be produced under the direction will need to be provided to the Privacy Commissioner and affected individuals.
The Privacy Commissioner’s decision to give a direction may be reviewed by application to the Administrative Appeals Tribunal.
See Receiving a direction to notify from the Privacy Commissioner.
