ID: NDB-DRAFT-01
Title: Eligible Data Breach Statement Template
Audience: Privacy, Legal, Communications
Classification: Fictional Training - Internal

Use Condition
- Use only if the organisation has reasonable grounds to believe an eligible data breach has occurred.

Entity Details
- Organisation: [entity name]
- Contact point: [privacy / support contact]
- Date of statement: [date]

Statement Draft
- [Entity name] is notifying affected individuals about a data breach involving personal information.
- Based on current assessment, the incident involved [general description of incident].
- The kinds of personal information affected may include [categories of information].
- At this stage, the organisation recommends affected individuals [recommended mitigation steps].
- The organisation is continuing to investigate and will provide further updates if material facts change.

Drafting Checks
- Do not include speculation about attacker identity or motive.
- Describe the information involved by category, not by unnecessary detail.
- Focus on likely harm and practical mitigation steps for affected individuals.
- Ensure the same core wording is used in any OAIC submission and public-facing statement.