Notify the Privacy Commissioner

Section 59M of the Privacy and Personal Information Protection Act 1998 (PPIP Act) requires the head of a public sector agency to immediately notify the Privacy Commissioner of an eligible data breach using an approved form. 

The online form has been approved by the Privacy Commissioner for use by agencies for the purpose of notification under section 59M of the PPIP Act.

The form sets out the information that agencies must supply to the Privacy Commissioner when making a notification of an eligible data breach, unless it is not reasonably practicable to provide that information.

Upon completion of the webform, agencies will receive an acknowledgment email with a copy of the submission and the date and time it was submitted to the Privacy Commissioner, to enable agencies to retain a copy of the submission for their record keeping system.

Please note, the webform is not to be used for an agency’s notification to individuals affected by a breach, however the information supplied may be of use when developing your agency’s written notification as required by section 59N of the PPIP Act.

Update to a previous eligible data breach notification

Agencies who have made a formal notification to the Privacy Commissioner using the above webform are able to provide an update or new information regarding the breach to the IPC via the PDF form below. 

This form is not to be used for an initial notification. It must include the case number that was provided to you by the IPC.