Guidelines
Notifiable Data Breaches (NDB) scheme
Eligible data breach assessment + 72-hour notification.
In plain English
This guidance explains the Notifiable Data Breaches scheme, covering data breach assessments and 72-hour notifications.
The Notifiable Data Breaches (NDB) scheme applies to organisations that handle personal information. It requires assessment of eligible data breaches. Organisations must notify the Office of the Australian Information Commissioner and affected individuals within 72 hours of becoming aware of a breach. This guidance was last revised by the OAIC.
Why it matters
If your business handles personal information, you must follow this guidance. Failing to do so could impact your reputation and legal obligations. Understand your responsibilities to protect data and respond to breaches appropriately.
AI-assisted summary, grounded in the source link below. Generated 2026-05-23 via gemma3:12b.
Issuing regulator
OAIC →Topics
Source: https://www.oaic.gov.au/privacy/notifiable-data-breaches. Rules Mate indexes + summarises; always verify against the regulator's live publication.