Recommendation 5.
Managing data breaches

A data breach is when data or private information is shared when it should not be or is stolen from a secure computer system.

The same set of rules should be for all parts of the government that work on the data asset. The rules should be clear so that all people that use the data know what they must do.

The rules should be clear on who should be told when data is used in the wrong way, like:

  • the Office of the Australian Information Commissioner
  • the Office of the National Data Commissioner
  • any other people who need to know.

The rules should also say who will tell people when data is used in the wrong way.

Response

We agree.

We will consider this recommendation when we make a document called the Data Breach and Incident Response Framework.

A framework is a plan for how things should work.

The framework will say:

  • what needs to be done if there is a data breach
  • who needs to do things in the plan, like looking at what happened and letting others know what happened.

All organisations who share data must have:

  • their own rules
  • ways to fix things if there is a data breach.

They need to follow rules in the Data Availability and Transparency Act 2022.

The Office of the National Data Commissioner could also do checks to make sure things are being done to meet the laws and rules.

The framework should be done by June 2024.