What is a data breach?

    A data breach occurs when information held by an agency (whether held in digital or hard copy) is subject to unauthorised access, unauthorised disclosure or is lost in circumstances where the loss is likely to result in unauthorised access or unauthorised disclosure.

    In simple terms, it's when information gets into the wrong hands.

    What are the main types of data breaches?

    Human error  

    • Information provided to wrong person (e.g. letter or email sent to wrong person)
    • Physical assets (e.g. laptop, mobile phone, USB, paperwork) misplaced or lost
    • Access to system incorrectly granted or password protection is weak.

    System failure 

    • Patches to maintain systems and software are not applied
    • Error in system coding allowing access without authentication.

    Malicious or criminal attack

    • Cyber-security breaches
    • Insider threats using valid credentials to access and disclose personal information. 

    What is an eligible data breach?

    An eligible breach occurs when there is unauthorised access to, or unauthorised disclosure of, personal information held by a public sector agency, or a loss of that information that is likely to result in unauthorised access to, or unauthorised disclosure of, the information, and the access or disclosure would likely result in serious harm to the person the information relates to.