Source: Privacy Commissioner
During Privacy Week when we talked about notifying individuals about privacy breaches, we got asked a lot of questions about our guideline around 72 hours. Heres what we mean when we say 72 hours
You must inform the Privacy Commissioner of serious privacy breaches as soon as you practically can after becoming aware of them. Our expectation is that you will do this within 72 hours of becoming aware that its a notifiable breach. This timeframe is a guide only and is intended to initiate prompt notification to us. In some cases, it will be clear from the outset that a breach has occurred and that it is notifiable.