With the Notifiable Data Breaches legislation just months away from commencement, the Office of the Australian Information Commissioner (OAIC) has published further draft guidance for consultation. The recently published draft guidance covers the following topics:

   – Assessing a suspected data breach
– What to include in an eligible data breach statement
– Notifiable Data Breach statement

The guidance on assessing suspected data breaches is of vital importance to all holders of personal information. It clearly outlines the regulator’s expectations about how holders of personal information determine whether an unauthorised disclosure of personal information is considered to be a notifiable data breach.

The Office of the Australian Information Commissioner has asked for comments in respect of the draft guidance by 23 October 2017.

Whilst a notifiable data breach is the last thing that the holder of personal information would wish, it is critical that appropriate policies and procedures that enable a quick and effective response are in place in the event of a notifiable data breach. The draft guidance from the OAIC coupled with their existing data breaches guidance will assist holders of personal information have an appropriate response.