Skip survey header

Personal Data Breach Self-Assessment

Do I need to Notify?

Reporting a Personal Data breach is a requirement under the DP Law 2020, Articles 41 and 42. If you think your organisation has suffered such a breach, please complete this self-assessment to make an initial determination of whether to report it to the Commissioner and / or Individual.

Please note this assessment is quite basic and for guidance purposes only. If you have additional questions or specific issues, please seek legal advice. In order to preserve your privacy and to provide an objective, honest assessment of a possible Personal Data breach, no identifying information is shared with the Commissioner's Office by completing this assessment.

1. Are you assessing a privacy breach by an organisation, on behalf of the organisation? *This question is required.
Did the breach involve personal information? *This question is required.
How sensitive is the information that is involved in the breach? *This question is required.
Who has obtained or may obtain the information?  *This question is required.
Was any harm caused or likely to be caused by the breach? *This question is required.
What types of harm may be caused to people affected by the breach? (Please rate the likely impact you think it will have on any affected persons.) *This question is required.
Space Cell LowMediumHigh
Discriminatory harm
Emotional harm
Employment harm
Financial harm
Identity theft
Loss of access to information
Loss of opportunity
Physical harm
Reputational harm
Threats of harm
Was any personal information involved in this breach accessed by anyone? *This question is required.
What steps have been taken to reduce the risk of harm or further harm from this breach? *This question is required.
  • * This question is required.
Are there security measures in place that protect the information from being accessed? *This question is required.
Please tell us if any of the following high risk factors apply:
  • Someone's physical safety is in immediate danger 
  • Someone's psychological safety is at immediate risk
  • There is immediate risk of serious financial harm
*This question is required.