Mandatory Data Breach Reporting

An entity that is required to comply with the Privacy Act 1988 must take reasonable steps to protect the personal information it holds from misuse, interference and loss, as well as unauthorised access, modification or disclosure.  This extends to situations where an entity engages a third party to store, maintain or process personal information on[…]