NSW | In Force | Act
Privacy and Personal Information Protection Act 1998
#### 59D Meaning of eligible data breach and affected individual
> > (1) For the purposes of this Part, an eligible data breach means—
> >
> > > (a) there is unauthorised access to, or unauthorised disclosure of, personal information held by a public sector agency and a reasonable person would conclude that the access or disclosure of the information would be likely to result in serious harm to an individual to whom the information relates, or
> >
> > > (b) personal information held by a public sector agency is lost in circumstances where—
> > >
> > > > (i) unauthorised access to, or unauthorised disclosure of, the information is likely to occur, and
> > >
> > > > (ii) if the unauthorised access to, or unauthorised disclosure of, the information were to occur, a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to an individual to whom the information relates.
>
> > (2) An individual specified in subsection (1)(a) or (1)(b)(ii) is an affected individual.
>
> > (3) To avoid doubt, an eligible data breach may include the following—
> >
> > > (a) a data breach that occurs within a public sector agency,
> >
> > > (b) a data breach that occurs between public sector agencies,
> >
> > > (c) a data breach that occurs by an external person or entity accessing data held by a public sector agency without authorisation.
>
> **s 59D:** Ins 2009 No 54, Sch 1 \[1\] (transferred from the Freedom of Information Act 1989 No 5). Renumbered and am 2009 No 54, Sch 1 \[1\]–\[11\]). Rep 2010 No 71, Sch 1 \[10\]. Ins 2022 No 74, Sch 1\[11\].