#### 26WH Assessment of suspected eligible data breach Scope (1) This section applies if: (a) an entity is aware that there are reasonable grounds to suspect that there may have been an eligible data breach of the entity; and (b) the entity is not aware that there are reasonable grounds to believe that the relevant circumstances amount to an eligible data breach of the entity. Assessment (2) The entity must: (a) carry out a reasonable and expeditious assessment of whether there are reasonable grounds to believe that the relevant circumstances amount to an eligible data breach of the entity; and (b) take all reasonable steps to ensure that the assessment is completed within 30 days after the entity becomes aware as mentioned in paragraph (1)(a). > Note: Section 26WK applies if an entity is aware that there are reasonable grounds to believe that there has been an eligible data breach of the entity.

Previous section26WGWhether access or disclosure would be likely, or would not be likely, to result in serious harm—relevant matters Next section26WJException—eligible data breaches of other entities

Section 26WH - Privacy Act 1988 - Assessment of suspected eligible data breach — Zoe