Australian Sales & Support 1800 519 724
Free Resource

Data Breach Response Plan for Small Businesses

Template and guide for responding to data breaches in compliance with Australian law

What should you do if your business suffers a data breach?

Under Australia's Privacy Act 1988 and the Notifiable Data Breaches (NDB) Scheme, businesses covered by the Act (most businesses with annual turnover over $3 million, plus health service providers and certain other smaller entities) must act quickly when a breach occurs.

A data breach means any of the following:

Unauthorised access: for example, an attacker gains entry to staff email accounts.

Unauthorised disclosure: for example, a staff member posts customer data online.

Loss of data: for example, an unencrypted laptop holding customer files is stolen.

If the breach is likely to result in serious harm to any of the individuals concerned (an "eligible data breach"), you must notify those individuals and the OAIC (Office of the Australian Information Commissioner). One caveat: if you act quickly enough that your remedial action removes the likelihood of serious harm (for example, a misdirected email that is recalled and confirmed deleted before it is read), notification may not be required. Fast containment is therefore not just good practice but can change your legal obligations.

Fines and penalties apply for non-compliance. Having a plan is no longer optional.

Step-by-Step Data Breach Response

Five essential steps to handle a data breach legally and effectively.

Step 1. Identify & Contain

Detect the breach through monitoring, a staff report, or a customer complaint, then take immediate containment action: revoke or reset compromised credentials, isolate affected systems, and preserve logs and other evidence before anything is wiped or rebuilt.

Step 2. Assess the Impact

Evaluate what information was accessed, disclosed or lost, whose information it was, and whether serious harm is likely (financial details, identity documents or health information carry far more risk than a name alone).

Step 3. Notify if Required

If the assessment concludes it is an eligible data breach, notify the OAIC and the affected individuals as soon as practicable.

Step 4. Remediate & Recover

Fix the root cause (patch the vulnerability, correct the misconfiguration, remove any persistence the attacker left behind, such as mailbox forwarding rules on a compromised email account), then restore normal operation.

Step 5. Review & Learn

Document what happened and improve your controls and this plan based on the lessons learned.

Remember: Speed is Critical

Under Australian law, once you become aware of a suspected breach you have a maximum of 30 days to complete your assessment, and you must notify as soon as practicable after concluding that it is an eligible data breach. Thirty days is a ceiling, not a target. Having a plan in place before a breach occurs is essential for compliance.

Non-compliance can result in significant penalties. The $2.1 million maximum that applied to companies before December 2022 has since been raised: for serious or repeated interferences with privacy it is now the greater of $50 million, three times the benefit obtained from the conduct, or 30% of adjusted turnover for the relevant period.

Template – Data Breach Response Plan

Use this template to create your own comprehensive response plan.

Business Information

___________________________
___________________________
___________________________

Incident Response Team

___________________________
___________________________
___________________________
___________________________

Response Checklist

Identify & contain breach
Assess impact & risk of serious harm
Notify OAIC & affected individuals if required
Contain & remediate vulnerabilities
Conduct review & document outcomes

Notification Template (to Customers)

Dear [Customer Name],

We are writing to inform you of a data breach that may have involved your personal information.

What happened: [Summary]

What information was involved: [Details]

What we are doing: [Containment steps]

What you should do: [Reset password, contact bank, etc.]

We apologise for this incident and are available to assist you.

Contact us at: [Phone / Email]

Self-Check Section

Ask yourself these critical questions to assess your readiness.

1. Do you know who will lead the response if a breach occurs?

2. Do you have staff trained to spot and report breaches?

3. Do you know how to notify the OAIC and customers quickly?

4. Do you have a draft notification ready?

If the answer is "no" to any of these, you are not ready to meet the NDB Scheme's assessment and notification deadlines.

A data breach can cost small businesses $88,000+ on average in Australia

Don't risk it: have a tested Data Breach Response Plan in place.

HSJ Host helps SMEs with:

Data Breach Response Plans (ready-to-use templates)
Staff training for breach reporting
Privacy Act & NDB compliance audits
Incident response & recovery support

Get Expert Help

Call us today for a free compliance consultation

1800 519 724

Contact Us

Send us a message about your compliance needs

Compliance and cyber security made simple for small businesses.