Data breach assessment tool launched

OIC has added to its suite of IPOLA resources to help agencies prepare for the incoming Mandatory Notification of Data Breach (MNDB) scheme, launching a new online assessment tool.

The MNDB scheme will start on 1 July 2025 across all Queensland public sector agencies, except local government which will begin one year later.

Under the scheme, when a data breach occurs and an agency reasonably suspects the breach is an eligible data breach, it must conduct an assessment to determine whether there are reasonable grounds to support this. The assessment must be conducted promptly and completed within 30 days, unless an extension is granted.

The new MNDB assessment tool has been designed to help agencies:

• in the initial consideration of a data breach, to inform next steps

• in a full assessment of a data breach, to determine eligibility under the scheme and associated obligations.

Based on the data that agencies enter, the assessment tool provides a structure to conduct the assessment which includes advice for each step of the process.

The questionnaire is anonymous with no data saved or viewed by OIC. Agencies can receive their inputs via email for consideration and record keeping.

The online assessment tool finalises the suite of resources provided by the OIC to support agencies prepare for the MNDB scheme, including:

• MNDB assessment tool

• OIC template - Data breach policy

• OIC template - Eligible data breach register

• OIC template - Data breach response plan

Visit our IPOLA webpage for more resources and training material.