Office of the Australian Information Commissioner — NDB Scheme

Fictional teaching environment • Regulatory compliance view • Not legal advice

Notification Drafts

Drafts must balance transparency with uncertainty.

Draft A — Preliminary (not issued)

We are investigating a cyber incident and are assessing whether personal information has been affected. At this stage, we do not have evidence confirming unauthorised disclosure. We will notify affected individuals if required.

Draft B — If threshold met

We have identified unauthorised access to personal information. We recommend affected individuals take the following steps... [No mention of ransom, attackers, or numbers]