![]() ![]() The steps that the affected individual may take to eliminate or mitigate any potential harm as a result of the notifiable data breach, including preventing the misuse of the affected individual’s personal data affected by the notifiable data breach A data breach can have potentially disastrous consequences for any business. To eliminate or mitigate any potential harm to the affected individual as a result of the notifiable data breach and Information on any action by the organisation, whether taken before or to be taken after the organisation notifies the affected individual - (i) The potential harm to the affected individual as a result of the notifiable data breach The personal data or classes of personal data relating to the affected individual affected by the notifiable data breach The circumstances in which the organisation first became aware that the notifiable data breach had occurred For the purposes of section 26D(3) of the Act, the notification by an organisation to an affected individual affected by a notifiable data breach under section 26D(2) of the Act must contain all of the following information: ( a) (4) The notification by the organisation to the Commission must be in the form and manner specified on the Commission’s website at Notification to affected individualsĦ. (3) Where, despite section 26D(2) of the Act, the organisation does not intend to notify any affected individual affected by a notifiable data breach mentioned in section 26B(1)( a) of the Act of the occurrence of that data breach, the notification to the Commission must additionally specify the grounds (whether under the Act or other written law) for not notifying the affected individual. (2) If the organisation notifies the Commission of the notifiable data breach after the expiry of the period specified in section 26D(1) of the Act, the notification to the Commission must additionally specify the reasons for the late notification and include any supporting evidence. The business contact information of at least one authorised representative of the organisation. Information on the organisation’s plan (if any) to inform, on or after notifying the Commission of the occurrence of the notifiable data breach, all or any affected individuals or the public that the notifiable data breach has occurred and how an affected individual may eliminate or mitigate any potential harm as a result of the notifiable data breach To address or remedy any failure or shortcoming that the organisation believes to have caused, or enabled or facilitated the occurrence of, the notifiable data breach To eliminate or mitigate any potential harm to any affected individual as a result of the notifiable data breach and Information on any action by the organisation, whether taken before or to be taken after the organisation notifies the Commission of the occurrence of the notifiable data breach - (i) ![]() ![]() The potential harm to the affected individuals as a result of the notifiable data breach The personal data or classes of personal data affected by the notifiable data breach The number of affected individuals affected by the notifiable data breach Information on how the notifiable data breach occurred The date on which and the circumstances in which the organisation first became aware that the data breach had occurred Ī chronological account of the steps taken by the organisation after the organisation became aware that the data breach had occurred, including the organisation’s assessment under section 26C(2) or (3)( b) of the Act that the data breach is a notifiable data breach (1) For the purposes of section 26D(3) of the Act, the notification by an organisation to the Commission of a notifiable data breach under section 26D(1) of the Act must include all of the following information: ( a) ![]()
0 Comments
Leave a Reply. |