How to manage a data breach: Plan, assess, notify

  • Podcast

    04 August 2023


Organisations are collecting, holding and processing more data than ever before. As businesses continue to transition to digital platforms, e-commerce solutions and digital storage of information at scale and at pace, the frequency and sophistication of cyber-attacks continue to increase.

Partner Richard Wells and Senior Associate Suzy McMillan lead the firm’s privacy practice. In this episode, they share their recommendations, aligned with the Office of the Privacy Commissioner’s guidance, for preparing for and managing a data breach.

Before the breach: Plan, plan and plan some more

To ensure a fast and efficient security breach response, [01:41] organisations should invest in upfront security measures, map their information assets, carry out regular security audits, invest in cyber insurance and train their staff. 

Crucially, they should also develop and invest in [10:36] a comprehensive Data Breach Response Plan to guide them through the four-step process of containment, evaluation, notification, and prevention. Because despite their best efforts, cyber incidents and data breaches can, and will, happen.

Notification of breach and assessment of ‘serious harm’

[12:00] The new mandatory privacy breach notification regime within the Privacy Act 2020 (Act) specifies that if a breach meets the threshold of ‘serious harm’, organisations are required to notify the Office of the Privacy Commissioner and affected individuals. 

[12:35] Richard and Suzy discuss the various factors that should be considered when assessing ‘serious harm’ under the Act, and [15:48] how organisations should interpret the requirement to notify “as soon as reasonably practicable” ([18:52] including some key learnings around ‘comms’). 

Please contact Richard Wells, Suzy McMillan or a member of our Technology team if you need legal advice and guidance on any of the topics discussed in this episode.

Please get in touch to receive an episode transcript, and don’t forget to rate, review or follow the Tech Suite wherever you get your podcasts. You can also sign up to receive technology updates via your inbox here.

Additional resources

[05:41] Privacy Commissioner media release - notable increase in data breaches recorded

[07:09] Office of the Privacy Commissioner E-learning (free courses)

[11:25] Office of the Privacy Commissioner’s mandatory data breach reporting under the Privacy Act 2020