Please resolve the following issues before proceeding
Click on an issue to go directly to the related section of the form.
errors found:
warnings found:

Submission Received

Thank you, your submission has been received.Submission Enquiries:

To check the progress of your submission and/or confirm it has been received, please contact the OAIC on 1300 363 992 or by email: enquiries@oaic.gov.au

Next steps

You are required to complete these additional forms to finalize your request.
Your Tracking Code is:
Please quote your Tracking Code when enquiring about your submission.

For your records

Would like a copy of this submission for your personal records?
OR

Check your email

We've sent a copy of your submission to your email address ().If you didn't receive it or would like another copy, just select one of the options below.
OR

Form Saved

Your form has been saved and may be re-opened later.
Your Tracking Code is:
Please note that your saved form, if not updated or submitted within a set period of time, will be deleted.Please ‘Send yourself a reminder email’ below. This email details the date and time your form will be deleted, the Tracking Code number, a link to access your saved form and information on how to contact us for further assistance.

Send yourself a reminder email

Enter your email address and we'll send you instructions on how to return to your form.

Check your email

We've sent instructions to your email address () on how to return to the application when you are ready. If you didn't receive it or would like a reminder send to a different email address, just click the link below and follow the instructions.

Notifiable Data Breach Form

Consultation Draft - not for use
Fields marked with * are required

About this form

Notifiable Data Breach statement

This form is used to inform the Australian Information Commissioner of an
‘eligible data breach’ where required by the Privacy Act 1988.

Part one is the 'statement' about a data breach required by section 26WK of the Privacy Act. If you are required to notify individuals of the breach, in your notification to those individuals you must provide them with the information you have entered into part one of the form.

The OAIC encourages entities to voluntarily provide additional information about the eligible data breach in part two of this form. Part two of the form is optional, but the OAIC may need to contact you to seek further information if you do not complete this part of the form.

Before completing this form, we recommend that you read our resource ‘What to include in a notification statement’.

If you are unsure whether your entity has experienced an eligible data breach, you may wish to review the ‘Identifying eligible data breaches’ resource.

The OAIC will send an acknowledgement of your statement about an eligible data breach on receipt with a reference number.

You can save this form at any point and return to complete it within 3 days. To save your form, click on the Save For Later button on the top right-hand corner of this form. If you do not submit your saved form within 3 days, your saved information will be permanently erased.

Refreshing your browser will clear any information that you have not saved. If you need to refresh your browser while completing this form and wish to keep your changes, please save the form first.

Your personal information

We will handle personal information collected in this form (usually only your name and contact details) in accordance with the Australian Privacy Principles.

We collect this information to consider and respond to your breach notification. We may use it to contact you.

More information about how the OAIC handles personal information is available in our privacy policy.

Part one - Statement about an eligible data breach

Notifiable data breach form
Consultation Draft - not for use
Fields marked with * are required

About part one

The information that you provide to the OAIC in part one of this form must also be included in your notification to individuals (if notification is required).

Organisation/agency details

You must complete this section

Description of the eligible data breach

You must complete this section

Information involved in the data breach

You must complete this section
Kind or kinds of personal information involved in the data breach
Please select all that apply:

Recommended steps

You must complete this section
Steps your organisation/agency recommends that individuals take to reduce the risk that they experience serious harm as a result of this data breach:

Other entities affected

This section is optional
If the data breach described above was also a data breach of another organisation/agency, you may provide their identity and contact details.
Was another organisation/agency affected?
Please provide contact details for the organisation/agency:

Part two - Additional information

Notifiable data breach form
Consultation Draft - not for use
Fields marked with * are required

About part two

The OAIC encourages entities to provide additional information to assist us in understanding the eligible data breach. Part two of the form is optional, but the OAIC may need to contact you to seek further information if you do not complete this part of the form.

The information that you provide on part two of the form does not need to be included in your notifications to individuals, and you may request that it be held in confidence by the OAIC.

Your contact details

Breach details

Date the breach occurred (if known):

Date the breach was discovered:

Primary cause of the data breach:

Description of how the data breach occurred

Number of individuals whose personal information is involved in the data breach

Exact number of individuals whose personal information is involved in the data breach

Description of any action you have taken to assist individuals whose personal information was involved in the data breach

Description of any action you have taken to prevent reoccurrence

How do you intend to notify individuals who are likely to be at risk of serious harm as a result of the data breach? When will this occur?

List any other data protection authorities, law enforcement bodies or regulatory bodies that you have reported this data breach to:

Additional information

Is there any other information you wish to provide at this stage, or any matters that you wish to draw to the OAIC’s attention?

You can provide additional information below, or attach supporting documents when you submit this form.
Attachments
File:
The OAIC will respect the confidence of commercially sensitive information provided voluntarily in support of a data breach notification, and will only disclose this information after consulting with you, and with your agreement or where required by law.

Review and submit

Notifiable data breach form
Consultation Draft - not for use
Fields marked with * are required

Submitting your form

Please review the information that you have provided about the data breach. If you would like to change anything, you can return to the relevant section by using the
Go Back button.

Once you are ready to submit your form, click the Submit button below (not available in this draft).

Once you submit your form, you will be taken to a confirmation page. This page will provide a receipt number for your submission, and you will be able to download a copy of your completed form or have a copy sent to an email address of your choice.