Skip to content

Notifiable Data Breaches process

Oiva operates under the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth).

Where Oiva has reasonable grounds to believe an eligible data breach has occurred that is likely to result in serious harm to any individual, we will:

  1. Notify affected individuals as soon as practicable.
  2. Notify the Office of the Australian Information Commissioner (OAIC).
  3. Publish a statement on this page where public notification is appropriate.

Our full Incident Response Plan — including severity model, notification runbook, and tabletop schedule — is available to enterprise customers under non-disclosure agreement via the authenticated portal.

Contact for breach notification: privacy@oiva.com.au