The Office of the Australian Information Commissioner (OAIC) is making inquiries with relevant parties into reports of a data breach involving scanned NSW driver licences.
The OAIC expects organisations to act quickly to contain data breaches involving personal information and assess the potential impact on those affected.
If the breach is likely to result in serious harm and the organisation is covered by the Privacy Act, it must notify anyone who is affected as quickly as possible. It must also notify the OAIC.
In 2019-20 we received 1,050 notifications under the mandatory Notifiable Data Breaches scheme.
Organisations need to be proactive in protecting personal information and preventing these breaches, by putting in place steps to secure personal information. This includes improved processes, technology and staff training. They should also be prepared and have a data breach response plan ready to go.
We advise individuals to respond quickly when they’re notified and take the appropriate action, such as checking accounts and credit reports, and watching out for scams.
Organisations can report an eligible data breach to us at oaic.gov.au/report-a-data-breach. More advice for individuals is available on our website at oaic.gov.au/respond-to-a-data-breach-notification