Aset Penerbit

Information Breach Policy

policy

1. Policy statement

The Department of Education (the Department) is committed to preventing information breaches and implements measures to safeguard the data and information it collects, holds, manages, uses, and discloses as part of its functions and activities outlined in the Privacy and Responsible Information Sharing Bill 2024, School Education Act 1999, or any other written law.

2. Policy rules

This Policy is a mandatory requirement under the Privacy and Responsible Information Sharing (PRIS) Policy and Framework.

All employees must:

  • only access and use official and confidential information for authorised purposes.
  • ensure the appropriate roles and responsibilities are defined in the processes and procedures to address the circumstances of an information breach.
  • comply with the Information Breach Procedures.

Guidance

See the Department’s Code of Conduct for further information on professional use of information.

This policy is a mandatory requirement under the Privacy and Responsible Information Sharing (PRIS) Policy and Framework.

Information Privacy and Data Governance team may request compliance audits to assess the level of adherence to the policy and provide updates to the Director General, Managers, Information Stewards, Principals, and other relevant individuals regarding the findings of compliance monitoring activities.

3. Responsibility for implementation and compliance

All employees are responsible for implementing this policy.

The Information Privacy and Data Governance team is responsible for compliance monitoring.

4. Scope

This policy applies to all employees.

6. Definitions

Means information, records or data that has been processed in a way as to be meaningful to the person who receives it. The term ‘data’ and ‘information’ can be used interchangeably and should be taken to mean both data and information in this document.

Occurs when there is unauthorised access, disclosure or loss of information and may be caused by malicious action, human error, or a failure of handling or systems.

7. Related documents

9. History of changes

Effective date Last update date Policy version no.
12 November 2024 1.0
New policy, endorsed by the Director General at the Corporate Executive meeting held on 11 September 2024. D24/0653243

10. More information

This policy:

Download policy PDFInformation Breach Policy v1.0


Supporting procedures:

Download Procedures PDFInformation Breach Procedures


Policy and all supporting documents:

Download Policy Bundle ZIPInformation Breach Policy Bundle


Policy review date

12 November 2027