The Office of the Australian Information Commissioner ("OAIC") has released a 'Guide to developing a data breach response plan' (the "Guide") for organisations regulated by the Australian Privacy Act 1988 (the "Act") that want to maximise their compliance with the Act. A data breach response plan is a useful addition to an organisation's data protection toolkit, and the Guide sets out why an organisation should have such a plan in place and what it should contain. The Guide also includes a useful checklist against which organisations can assess whether their response plan meets the OAIC's suggested criteria.
The OAIC emphasises that the Guide is not legally binding, but the Guide makes it clear that having an effective data breach response plan in place will be viewed as one of the reasonable steps an organisation can take to protect the personal data it holds against "misuse, interference and loss, and from unauthorised access, modification or disclosure".
Organisations operating in Australia are advised to have a data breach response plan in place and to use the Guide to ensure any plan is in line with the recommendations of the OAIC.
The Guide can be accessed here.