AU notifiable data breach — Privacy Act s 26WK
scenarioAUprivacySourcePrivacy Act 1988 (Cth) Part IIIC ss 26WA-26WT (Notifiable Data Breaches scheme, introduced by the Privacy Amendment (NDB) Act 2017)
An APP entity has suffered an eligible data breach — unauthorised access, disclosure, or loss of personal information likely to result in serious harm. The entity must notify the affected individuals and the OAIC as soon as practicable under the Notifiable Data Breaches scheme.
Applies when
event=data_breachdata_class=personal_informationcountry_of_operation=AU
Applicable legislation (2 items)
- Privacy Act 1988CTH1988Part IIIC NDB scheme
- cth/act-2017-012-ndbAmendment that introduced the scheme
Applicable topics (2 claims)
- Notifiable Data Breaches scheme — eligible data breachinstitutionalDefinition of 'eligible data breach'
- Notification obligation — OAIC + affected individualsinstitutionalCore notification obligation
Co-applies within this scenario (2 relationships)
Rules don’t globally co-apply — they co-apply when the scenario is true. The pairs below reinforce each other under the AU notifiable data breach — Privacy Act s 26WK predicates.
- Notifiable Data Breaches scheme — eligible data breach↔Notification obligation — OAIC + affected individualsboth_apply
NDB eligible-breach definition + s 26WK / 26WL notification obligation both engage on data-breach events
- APP 8 — cross-border disclosure obligations↔s 16C — accountability for overseas recipient conductmutually_reinforcing
APP 8 reasonable-steps obligation + s 16C liability pass-through jointly police overseas disclosures
Try this in Tailor Fabric
Tailor Fabric can pin this applicability subgraph into any document or meeting context — outline generation, pipeline construction, and compliance review will all draw from the legislation and topics above.
POST /api/scenarios/match