QLD | In Force | Act
Information Privacy Act 2009
### sec.72 Agency must keep register
(1) An agency must keep a register of eligible data breaches of the agency.

(2) The register must include the following information for each eligible data breach—

- (a) a description of the eligible data breach, including the type of data breach under section 47;
- (b) if a statement is required for the eligible data breach under section 51—the date the statement is provided;
- (c) if further information about the eligible data breach is required to be given to the information commissioner under section 52—each date the further information is given;
- (d) if individuals are notified of the eligible data breach under section 53(1)(a) or (b)—the individuals notified and the date and method used to notify the individuals;
- (e) if the agency relied on an exemption under part 3, division 3—the exemption relied on;
- (f) details of the steps taken by the agency to—
  - (i) contain the eligible data breach under section 48(2)(a) or (4)(a); and
  - (ii) mitigate the harm caused by the eligible data breach under section 48(4)(a);
- (g) details of the actions taken by the agency to prevent future data breaches of a similar kind occurring.

(3) If it is not practicable to include any or all of the information mentioned in subsection (2) for an eligible data breach at a particular time, the agency must record the information in the register as soon as it is practicable to do so.

s 72 sub 2023 No. 32 s 33