Privacy Breach Notification Template
As described in the Government’s Personal Information Data Breach Guideline, a privacy breach occurs when personal information “that is not already publicly available, is lost or subjected to unauthorised access, use modification, disclosure or misuse.”
A breach may have happened as a result of accidental loss, internal errors, deliberate actions, theft of physical assets, or the theft or misuse of electronic information.
The Privacy Committee of South Australia (PCSA) must be notified of breaches relating to personal information as soon as possible after the breach has occurred.
Form of notification
Following is the mandatory information the PCSA expects to be included in the Privacy Breach Notifications it receives.
The Privacy Breach Notification Template is available for agencies to notify the PCSA. However, it’s acknowledged that there may also be other internal agency specific reports and notifications completed as a result of the breach, eg Clinical Incident Briefs.
If an agency specific report includes the information outlined below it can be submitted to the PCSA as a Privacy Breach Notification without using template.
Description of the incident including:
- What led to the breach occurring?
- Whose personal information and what type of information was involved? [Do not include any unnecessary personal information about affected parties]
- Which SA Government agencies, branches and staff roles were involved?
- Whether third party organisations or individuals were involved.
- Dates of the incident, and when your agency became aware.
Advice of agency response:
- What risk of harm exists or existed for affected parties?
- Was your Chief Executive advised of the breach and when?
- Details of communication with affected parties, or your decision not to notify.
- Details of any support or assistance offered to affected parties.
- Implemented or planned changes to training, policy, procedures, systems or culture to prevent a reoccurrence.
- Contact details for further correspondence.
Email Privacy Breach Notifications to PrivacyCommittee@sa.gov.au. For assistance and advice with preparing your notification contact State Records.
The PCSA will be briefed on the breach at its next meeting and will seek further advice from the agency if required.