What happens when an organisation accidentally makes your personal details public?

22 February 2018

Organisations collect and store a lot of personal details. You trust them with your address, credit card number, health records and more.

How would you feel if your personal details were accidentally released and went public?

Sometimes personal information is released publicly by accident or as a result of poor security. For example, computer systems can be hacked and personal information stolen.

The new privacy rules aim to better protect your personal information, by making organisations more accountable if they expose it.

A recent McAfee survey found that 43% of people feel they don't have control over their personal information.

New privacy rules explained

The Notifiable Data Breaches scheme means many organisations must tell you if your personal data has been involved in a data breach that has put you at risk of serious harm.

These are called 'eligible data breaches'.

What are eligible data breaches?

An eligible data breach is one that is likely to result in serious harm to the person the information is about. This could include serious physical, psychological, emotional, financial, or reputational harm.

When an organisation notifies you about a data breach, they will also have to provide recommendations for how you can protect yourself.

What organisations does the scheme apply to?

The scheme applies to Australian Government agencies, businesses and not-for-profit organisations with an annual turnover of more than $3 million, credit reporting bodies, and health service providers, among others.

What does the scheme mean for you?

If an organisation spills your details and it could result in serious harm for you, they will have to tell you about it as soon as possible. This is to give you the chance to reduce any potential harm by taking action that may include changing your password or contacting your bank if your banking details have been leaked.

Find out more about how to recover when things go wrong.

How will you find out if you are the victim of an eligible data breach?

Organisations should get in touch with you directly if they have accidentally released your data.

Sometimes this won't be possible, for example, if the organisation doesn't have your current contact details.

If this is the case, the organisation has to publish the information on their website and make an effort to make sure people affected see it.

More information

For more information on the Notifiable Data Breaches scheme, visit the Office of the Australian Information Commissioner website.