All data breaches of Consumer Data Right Information fall under the Notifiable Data Breaches scheme, which requires that you notify affected CDR consumers and the Office of the Australian Information Commissioner of eligible data breaches. A breach is eligible if it is likely to result in serious harm to a CDR consumer whose CDR data is involved.

Where a cyber incident lead to a breach of Consumer Data Right information, you must also report to the Australian Signals Directorate’s Australian Cyber Security Centre as soon as practicable once aware of the security incident.

All data breaches of Consumer Data Right Information fall under the Notifiable Data Breaches scheme, which requires that you notify affected CDR consumers and the Office of the Australian Information Commissioner of eligible data breaches. A breach is eligible if it is likely to result in serious harm to a CDR consumer whose CDR data is involved.

Where a cyber incident lead to a breach of Consumer Data Right information, you must also report to the Australian Signals Directorate’s Australian Cyber Security Centre as soon as practicable once aware of the security incident.

Under the Notifiable Data Breaches scheme, you must notify affected individuals and the Office of the Australian Information Commissioner of eligible data breaches. A breach is eligible if it is likely to result in serious harm to an individual whose personal information is involved.

You must conduct a reasonable and expeditious assessment of a suspected eligible data breach, taking all reasonable steps to ensure that the assessment is completed within 30 days.

If you are an ASX-listed listed entity, you must comply with Listing Rule 3.1 that if you become aware of information that a reasonable person would expect to have a material effect on the price or value of your securities, you must immediately tell the Australian Securities Exchange.

Immediate disclosure is not required if the information falls within the exception in Listing Rule 3.1A.

* Entities listed on markets other than ASX should consult the relevant guidance material for those markets.