Notifiable Data Breach statement
This form is used to inform the Australian Information Commissioner of an
‘eligible data breach’ where required by the Privacy Act 1988.
Part one is the 'statement' about a data breach required by section 26WK of the Privacy Act. If you are required to notify individuals of the breach, in your notification to those individuals you must provide them with the information you have entered into part one of the form.
The OAIC encourages entities to voluntarily provide additional information about the eligible data breach in part two of this form. Part two of the form is optional, but the OAIC may need to contact you to seek further information if you do not complete this part of the form.
Before completing this form, we recommend that you read our resource What to include in an eligible data breach statement
If you are unsure whether your entity has experienced an eligible data breach, you may wish to review the Identifying eligible data breaches
The OAIC will send an acknowledgement of your statement about an eligible data breach on receipt with a reference number.
You can save this form at any point and return to complete it within 3 days. To save your form, click on the Save For Later button on the top right-hand corner of this form. If you do not submit your saved form within 3 days, your saved information will be permanently erased.
Refreshing your browser will clear any information that you have not saved. If you need to refresh your browser while completing this form and wish to keep your changes, please save the form first.