Simplified outline of this Part
• This Part sets up a scheme for notification of eligible data breaches.
• An eligible data breach happens if:
(a) there is unauthorised access to, unauthorised disclosure of, or loss of, personal information held by an entity; and
(b) the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates.
• An entity must give a notification if:
(a) it has reasonable grounds to believe that an eligible data breach has happened; or
(b) it is directed to do so by the Commissioner.