Data breach incidents

Data breach incidents

Agencies are required to prepare and publish a Data Breach Policy as required by the MNDB Scheme. The Data Breach Policy details how the agency will respond to a data breach including clear roles and responsibilities for managing a data breach or suspected data breach. The Policy sets out the steps the agency will follow if a breach occurs, including notifying affected individuals and the Privacy Commissioner.

Agencies are required to establish and maintain:

  • An internal register of eligible data breaches; and
  • A public register of any public data breach notifications made under section 59N(2) of the PPIP Act.
Relevant Resources

Read nextEvaluation, internal and external oversight

Download the Framework and Guide