Use the Lexology Navigator tool to compare the answers in this article with those from other jurisdictions.

Data security and breach notification

Security obligations
Are there specific security obligations that must be complied with?

Data users must take all practicable steps to ensure that personal data held by them is protected against unauthorised or accidental access, processing, deletion, loss or use. If any personal data is transferred to a data processor, the data user must adopt contractual or other means to ensure that the data processor protects the personal data from any unauthorised or accidental access, processing, deletion, loss or use.

Breach notification
Are data owners/processors required to notify individuals in the event of a breach?

While there is no statutory requirement to do so, voluntary notification is generally recommended by the privacy commissioner. Industry-specific regulators may also require companies in such regulated industries (eg, financial institutions) to notify individuals of any unauthorised access, use or loss of their personal data. 

Are data owners/processors required to notify the regulator in the event of a breach?

While there is no statutory requirement to do so, voluntary notification is generally recommended by the privacy commissioner. Industry-specific regulators may also require companies in such regulated industries (eg, financial institutions) to notify them in the event of any unauthorised access, use or loss of personal data.

Click here to view the full article.