59MPublic sector agencies must immediately notify eligible data breach

#### 59M Public sector agencies must immediately notify eligible data breach 59M Public sector agencies must immediately notify eligible data breach > > (1) The head of a public sector agency must, in the approved form, immediately notify the Privacy Commissioner of the eligible data breach. > > > (2) The approved form must request the following information be provided in relation to the eligible data breach— > > > > > (a) the information specified in section 59O, other than the information specified in section 59O(e), > > > > > (b) a description of the personal information that was the subject of the breach, > > > > > (c) whether the head of the agency is reporting on behalf of other agencies involved in the same breach, > > > > > (d) if the head of the agency is reporting on behalf of other agencies involved in the same breach—the details of the other agencies, > > > > > (e) whether the breach is a cyber incident, > > > > > (f) if the breach is a cyber incident—details of the cyber incident, > > > > > (g) the estimated cost of the breach to the agency, > > > > > (h) the total number, or estimated total number, of individuals— > > > > > > > (i) affected or likely to be affected by the breach, and > > > > > > > (ii) notified of the breach, > > > > > (i) whether the individuals notified under section 59N(1) have been advised of the complaints and internal review procedures under the Act. > > > (3) The information requested by the approved form must be completed unless it is not reasonably practicable for the information to be provided. > > **s 59M:** Ins 2022 No 74, Sch 1\[11\].