
How to Manage a Crisis Tip #006: Notifying Stakeholders of a Data Breach



On 13 February 2017, the Australian Senate passed a privacy amendment bill that requires businesses, government agencies, not-for-profits and individuals to notify the Office of the Australian Information Commissioner and all affected individuals (consumers, customers, staff etc.) of any data breach.

The new law will come into effect sometime this year and will apply to all organisations that are already subject to the Privacy Act.

What are the consequences of not complying?

In our experience, the truth is always going to come out eventually anyway – and your stakeholders are going to be disappointed if they only hear of a breach from somewhere other than you. There’ll be an immediate lack of trust in you.

Irrespective of that, it’ll soon be illegal not to notify them – and the penalties can be up to $1.8 million in fines.

What should you do?

If you haven’t already written a Crisis Communications Plan – write one now before it’s too late.

  • These are our stakeholders

  • This is who, what, when, how we will contact them

  • This is what we’ll say

  • Establish the facts

  • What we know

  • What we don’t know

  • What we’re doing about it

  • What we want you to do

Make sure you have those message templates ready to go, depending on incident type.

As always, our team at BC have written endless amounts of Crisis Comms plans – if you need a hand, comment below or shoot me an email: james@briggscommunications.com.au

#crisiscommunicationsplan #databreaches #cyberattack