Data Breach Response Plan

This Data Breach Response Plan template is designed to outline how an organisation contains, assesses and responds to actual, potential or suspected data breaches that may occur from time to time.

How this document can help you

Australian organisations covered by the Privacy Act 1988 (Cth) (Privacy Act) must take reasonable steps to protect the personal information they hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. In particular, Australian Privacy Principle 11 (APP 11) requires covered entities to take active measures to secure the personal information they hold and to consider whether they are still permitted to retain it. The Office of the Australian Information Commissioner (OAIC) has published guidance on what it may consider to be reasonable steps for the purposes of APP 11, and has suggested that having a reasonable data breach response process is one factor that contributes to compliance with APP 11.

A Data Breach Response Plan not only demonstrates an organisation's commitment to privacy; it is also a practical tool for the organisation to use should a data breach actually occur. Any data breach can be catastrophic for an organisation's reputation, so our Data Breach Response Plan template addresses not only data breaches involving Personal Information covered by the Privacy Amendment (Notifiable Data Breaches) Act 2017, but any data breach.

What it includes

This Data Breach Response Plan template includes the following sections:

  • An "About" section, detailing the purposes of the Data Breach Response Plan;
  • A "What to do if you discover a data breach" section, detailing what any personnel should do if they discover a data breach;
  • A Data Breach Incident Questionnaire designed for personnel to complete if they discover an actual data breach, plus separate questionnaires for "suspected" and "potential" data breaches;
  • Escalation procedures, so that personnel know who to contact in upper management should they discover an actual, suspected or potential data breach;
  • A detailed list of actions that the person or persons in the organisation responsible for addressing data breaches must take upon receiving notification that an actual, suspected or potential data breach has occurred, including guidance on assessing and containing breaches, determining whether an "eligible data breach" has occurred for the purposes of the Privacy Amendment (Notifiable Data Breaches) Act 2017, evaluating contractual and other legal obligations, and complying with notification obligations where applicable;
  • Guidance on remedial action that should be taken where appropriate, and on how the organisation should review past breaches.

Common questions

When did the Privacy Amendment (Notifiable Data Breaches) Act 2017 come into effect?

The legislation came into effect on 22 February 2018.

Are all breaches notifiable under the Privacy Amendment (Notifiable Data Breaches) Act 2017?

No, only "eligible data breaches" are notifiable. Broadly, a breach is eligible where there is unauthorised access to, unauthorised disclosure of, or loss of personal information that a reasonable person would conclude is likely to result in serious harm to any of the affected individuals, and the organisation has not been able to prevent that likely risk of serious harm through remedial action. Whether a particular breach must be notified is therefore not straightforward: an organisation must consider a number of factors before it can determine whether it is required to notify affected individuals and the Australian Information Commissioner.

What penalties apply for breaching the Privacy Amendment (Notifiable Data Breaches) Act 2017?

The penalties are significant. The notification obligations form part of the Privacy Act, and a failure to comply is an interference with privacy. At the time the scheme commenced, a serious or repeated interference with privacy could attract a civil penalty of up to $2.1 million for a body corporate (and $420,000 for an individual). Those maximums were substantially increased by amendments to the Privacy Act passed in late 2022.

How does it work?

Using our powerful document generation engine, Contract Instructor generates and customises legal documents from the responses that clients provide when completing our online wizard.

What you get

A report with the client's responses to the questionnaire together with the document that has been generated using your client's responses to the wizard. The document will be provided in Microsoft Word format for you to review and edit, as you consider necessary.

How much does it cost?

You charge your client whatever you consider appropriate for the legal document, but pay us only $29.95 plus GST per document for using our wizard. The time you save makes drafting legal documents with Contract Instructor a complete game changer for your legal practice.

Payment only upon wizard completion

If the wizard is not completed, you don't pay anything. Once you or your client completes the wizard, you will be notified by email and sent a request to pay our fee of $29.95 plus GST. Upon payment you will receive a report with the client's responses to the questionnaire together with the document that has been generated using your client's responses to the wizard.

Frequently asked questions

When you generate the wizard, sample text will be created for you to copy and paste into an email to your client, which includes a link to the wizard. If you would like to complete the wizard yourself instead of sending it to your client, you can certainly do so. You can access the wizard by clicking on the link.

Yes, you will be provided with the generated document in Microsoft Word format.
