Data Breach Response Plan
Last updated: 12 November 2025
Purpose:
To ensure a rapid, compliant, and coordinated response to actual or suspected data breaches involving personal or confidential information.
1. What is a data breach?
A data breach occurs when personal or confidential information is lost, accessed, disclosed, or altered without authorisation. Examples include:
- Hacking or ransomware attack.
- Lost laptop, USB, or phone containing client data.
- Email sent to the wrong recipient.
- Accidental publication of personal data.
2. Response team
- Incident Lead: Alana Ford (Founder & Principal Advisor, Sirius Geopolitics)
- Privacy Officer: alana@siriusgeopolitics.au
- External support: IT provider and legal advisor (if needed)
3. Response steps
Step 1: Contain
- Immediately isolate affected systems and stop further unauthorised access.
- Change passwords, disable affected accounts, and secure backups.
- Retrieve lost data where possible.
Step 2: Assess
- Determine what information was involved, who was affected, and how serious the risk of harm is.
- Document all findings.
Step 3: Notify
- If serious harm is likely, prepare a Notifiable Data Breach statement for the OAIC and notify affected individuals without delay.
- Notification will include the nature of the breach, the type of information involved, and recommended steps for affected persons.
Step 4: Review
- Identify the root cause and update security protocols, staff training, and policies.
- Keep a register of all data breach incidents (including near misses).
4. Timeframe
Assess and determine notification requirements within 30 days of becoming aware of the breach (as required by law).
5. Prevention
- Regular password updates and multi-factor authentication.
- Encrypted cloud storage and email.
- Annual privacy and security review.
- Secure document disposal practices.
