Report a Scheme data breach

In the event a DATA Scheme entity reasonably suspects or becomes aware that a Scheme data breach has occurred, they must notify the Commissioner:

• For personal data breaches – as soon as practicable, by giving the Commissioner a copy of the ‘eligible data breach’ statement submitted to the Australian Information Commissioner
• For non-personal data breaches – as soon as practicable after the end of the financial year in which the breach occurs. However, a DATA Scheme entity may, and is encouraged to, submit the notification earlier than that.

Report a Scheme data breach to the Commissioner through Dataplace using the ‘Contact us’ tile. Please note that a designated individual of your entity must submit the report to the Commissioner.

If you have any questions or require assistance in relation to reporting a Scheme data breach, please contact us at information@datacommissioner.gov.au.

The Office of the National Data Commissioner (ONDC), on behalf of the Commissioner, will consider the information provided in the Scheme data breach report, along with any supporting documentation. The ONDC aims to be in touch with the DATA Scheme entity within 5 business days after receiving the notification.

Please note, there are no legislative time limits on the handling of data breaches under the DATA Scheme. Each Scheme data breach report is reviewed on a case-by-case basis, with the objective to finalise the case within a reasonable timeframe.