Contain a data breach incident then evaluate the associated risk, says the Office of the Privacy Commissioner.As part of the National Privacy Awareness Week, which kicked-off yesterday, the Privacy Commissioner Karen Curtis released a guide which lists steps that can be taken in case of an incident; in preventing and if necessary, responding to a data breach.
The 41-page document details four key steps: the first, to contain the breach and do a preliminary assessment followed by evaluating the risk associated with the breach.
In step three, organisations should consider the notification of affected individuals where a breach creates a real risk of serious harm to the individuals.
Step four advises organisations to prevent further breaches.
The guide, titled the ‘Guide to Handling Personal Information Security Breaches’ is available for voluntary use by businesses, agencies and non-government organisations.
According to Curtis, "While the Guide is voluntary, it represents good practice in handling breaches, and I would urge all organisations and agencies to read it and consider its use."
Curtis said the Guide was developed following extensive consultation with a range of stakeholders.
A recommendation to the government by the Australian Law Reform Commission earlier this month said the Privacy Law should be amended to include a mandatory data breach legislation in cases of serious harm.
National Privacy Awareness will runs between 24-30 August.