Data Breach Response Plan

Privacy Compliance Updated 8 May 2018

  • $1,399.00

Our Data Breach Response Plan template is designed to outline how an organisation contains, assesses and responds to actual, potential or suspected data breaches that may occur from time to time in accordance with its obligations under the Privacy Amendment (Notifiable Data Breaches) Act 2017 (NDB Law).

How this document can help you

Australian companies caught by the Privacy Act 1988 (Cth) (Privacy Act) are required to take reasonable steps to protect the personal information that they hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. In particular, Australian Privacy Principle 11 (APP 11) requires applicable entities to take active measures to ensure the security of personal information they hold and to actively consider whether they are permitted to retain that information. The Office of the Australian Information Commissioner (OAIC) has provided guidance on what it may consider to be reasonable steps for the purposes of APP 11, and has suggested that having reasonable data breach response processes may be one factor that contributes to compliance with APP 11.

Data Breach Response Plans can be used not only to demonstrate an organisation's commitment to privacy, but also to give organisations a practical tool to use should a data breach actually occur. We understand that any data breach can be catastrophic for an organisation's reputation. Therefore, our Data Breach Response Plan template addresses not only data breaches concerning Personal Information caught by the Privacy Amendment (Notifiable Data Breaches) Act 2017; it applies to any data breach.

What it includes

Our Data Breach Response Plan template includes the following sections:

  • An "About" section, detailing the purposes of the Data Breach Response Plan;
  • A "What to do if you discover a data breach" section, detailing what any personnel should do if they discover a data breach;
  • A Data Breach Incident Questionnaire designed for personnel to complete if they discover an actual data breach, plus separate questionnaires for "suspected" and "potential" data breaches;
  • Escalation procedures, so that personnel know who to contact in upper management should they discover an actual, suspected or potential data breach;
  • A detailed list of actions that the person or persons in the organisation responsible for addressing data breaches must take upon receiving notification that an actual, suspected or potential data breach has occurred, including guidance on assessing and containing breaches, determining if an "eligible data breach" has occurred for the purposes of the Privacy Amendment (Notifiable Data Breaches) Act 2017, evaluating contractual and other legal obligations and complying with notification obligations where applicable;
  • Guidance on remedial action that should be taken where appropriate and how the organisation should review past breaches.

Common questions

When did the Privacy Amendment (Notifiable Data Breaches) Act 2017 come into effect? 

The legislation came into effect on 22 February 2018.

Are all breaches notifiable under the Privacy Amendment (Notifiable Data Breaches) Act 2017?

No, only "eligible data breaches" are notifiable. The question of whether a breach must be notified is not straightforward and a number of factors need to be considered before an organisation can determine whether it is required to notify affected individuals and the Information Commissioner in the event of a data breach.

What penalties apply for breaching the Privacy Amendment (Notifiable Data Breaches) Act 2017?

The penalties are significant. Failure to comply can attract fines of up to $2.1 million.

How much free legal advice does this template come with?

This template comes with 15 minutes of free telephone legal advice from Arnotts Technology Lawyers. During this time, Arnotts will answer any questions they can about the template, to the extent possible within the 15 minutes allocated.

Why Use DocuStream?

  • Quick and easy
  • Customisable
  • Comes with free legal advice
  • Download in Microsoft Word format
  • Apply your own branding
  • Comes with 1 year of free updates

Need help selecting a template? Call us on 02 8238 6989.
