Effective and responsive data breach plans
Data breaches are a significant feature in the privacy landscape. Australia’s largest corporate data breaches included cyber-attacks on Optus, Medibank and Latitude Finance, affecting the personal information of millions of Australians.
Government agencies need to allocate sufficient time, attention and resources to prevent and manage data breaches.
We conducted a survey and asked agencies to report on their planning to respond to data breaches. Some agencies reported that they have comprehensive data breach response plans. However, in general, agencies have more work to do to be ready to respond to data breaches effectively.
We recommend that all agencies ensure they have appropriate policies, procedures, plans and strategies in place so they can prevent, detect and respond to data breaches quickly and effectively. For example, a comprehensive data breach response plan can help agencies limit the consequences of a breach, including the risk of harm to the individuals whose privacy has been affected. Agencies also need to prepare for mandatory notifications to external stakeholders.
