Data breaches can include inappropriate destruction of information, loss of physical files, or the storing of information with third parties without permission. Data breaches can result in serious harm and the reporting of such events to impacted individuals will become mandatory in Australia in 2018 for Commonwealth Privacy regulated organisations (see oaic.gov.au). 

‍

Ways you can detect a breach? 

•  An organisation can inform you that your information has been “breached”, “leaked”, “lost” or some other term – some organisations don’t like to call a breach a “breach”. 
• You read about it in the media – a lot of data breaches are being reported to the media from responsible organisations because they may not have up to date contact information. 
• You experience the misuse of your identity information but don’t know how such information was originally compromised 

‍

If it happens to you, here are some questions you may wish to ask? 

•  What specific information of mine has been breached? 
• How was my information breached? 
• What has the responsible organisation done to respond to the breach and how have they subsequently protected my information? 
• How long did it take to notify me of the breach from when the organisation first detected it? 
• What remedies is the organisation offering impacted people? (for example, support services, credit monitoring, product/service refunds, additional security etc.)? 

‍

Here are some prevention tips 

• ‍Take the time to understand why your information is being collected, how it will be secured, how long it will be stored, who it will be shared with, and how it will be discarded (it’s your right to know this). 
• Ask whether they have experienced a data breach or do some searching with the Privacy commissioner website to see if they have a track record of breaches. 
• Work out what’s important to you and protect it. If they ask for photo ID, produce something other than a licence or passport if you can (these are high risk credentials). 

‍

Knowing your privacy rights 

We all have rights in relation to the protection of personal information. Privacy legislation in Australia and New Zealand requires regulated entities to protect your information that identifies you. It is important to understand these rights, particularly when they are threatened by identity compromise and misuse, including data breach events. The Privacy Commissioner websites in Australia and New Zealand are the best sources of information on these rights. This Fact Sheet introduces the basics and provides some tips if your identity information is compromised.

For more information please see our Knowing Your Privacy Rights Fact Sheet.