Practice Areas
Cybersecurity, Data Protection & Privacy
- Get free trial for practice areas as below
- Business
- Consumer
- Corporations
- Criminal
- Employment
- Family
- General Counsel
- Governance
- Immigration
- Intellectual Property
- Personal Injury NSW
- Personal Injury Qld
- Personal Injury Vic
- Personal Property Security
- Property
- Succession
- Work Health & Safety
- Tax
- Mergers & Acquisitions
- Banking & Finance
- Social Justice
- Cybersecurity, Data Protection & Privacy
- Insolvency
- Competition
LexisNexis Practical Guidance®
Straightforward guidance across a range of topics
- Mandatory data breach notification
- Notifying of an eligible data breach
Identifying when notification is required
Notification to both the Privacy Commissioner and affected individuals will be required when an entity becomes aware that there are reasonable grounds to believe an eligible data breach has occurred.
However, notification is not required, or only required in a limited manner, even if an entity has experienced an eligible data breach where:
- • the eligible data breach is an eligible data breach of another entity who has already fulfilled notification obligations under this regime;
- • notification would be inconsistent with a secrecy provision;
- • the Privacy Commissioner has given a declaration that no notification is required in regard to the eligible data breach; or
- • notification would be likely to prejudice enforcement-related activities.
See Identifying when notification is required.
