DCS Data Breach Public Notification Register
The purpose of the register is to ensure individuals can determine whether they may have been affected by a Department of Customer Service (DCS) data breach and to take action to protect their personal information where necessary.
Why we have a data breach register
If we are unable to notify any of the affected individuals directly, a public notice will be placed on this page.
Part 6A of the Privacy and Personal Information Protection Act 1998 introduces the Mandatory Notification of Data Breach (MNDB) scheme. Under the MNDB scheme, the DCS must notify the affected individuals of data breaches involving personal or health information that are likely to result in serious harm unless an exemption applies.
When data breaches are published on this register
DCS must provide notification of an eligible data breach as soon as practicable after the data breach has been assessed and after notification exemptions have been considered.
The notification must be available for at least 12 months after the date of publication and include specific legislated information.
Information published in the register
We must record the following details of the eligible data breach on this register:
- Data breach title
- Date of data breach
- Date notification published
- Description of data breach
- How the data breach occurred
- Type of data breach
- Type of personal information that was the subject of the data breach
- Amount of time the personal information was disclosed
- Actions DCS have taken or are planned to take ensure the personal information is secure, or to control or mitigate the harm done
- Recommendations about the steps the individual should take in response to the data breach
- Information on how to make a privacy complaint and request an internal review
- Agency(s) name that are the subject of the data breach
- Contact details for this data breach
Data Breach Register
There are no public notifications at this time.