AU · Regulatory

Data breach response playbook — readiness checklist (AU)

Data breach playbooks are only useful if they run cleanly under pressure. This checklist covers the 12 components a mature playbook should contain — from detection to post-incident review.

In short

This is a 12-step readiness checklist for an Australian data breach response playbook. It covers the Notifiable Data Breaches (NDB) scheme, the 30-day assessment window, OAIC and affected individual notifications, third-party contracts, and post-incident review. Use it as an annual playbook audit before an incident occurs.


The checklist

1. Roles and decision authority
   Define the incident response team — legal, IT security, communications, operations — and a single decision-maker.

2. Detection and escalation
   Define detection inputs (SIEM, helpdesk, customer complaints) and escalation thresholds. Include weekend/off-hours coverage.

3. Containment actions
   Pre-scripted containment — access revocation, credential reset, network segmentation, system isolation.

4. Evidence preservation and forensics
   Procedures to preserve volatile and stored evidence; panel of forensic providers pre-engaged under MSA.

5. NDB scheme 30-day assessment
   Document the assessment process within the 30-day window — is there an eligible data breach requiring notification?
   Privacy Act 1988 (Cth) s 26WH

6. Likely serious harm assessment
   Test the "likely serious harm" threshold — considering the type of information, safeguards, and the risk of harm.
   Privacy Act 1988 (Cth) s 26WG

7. OAIC notification draft
   Pre-drafted notification covering the mandatory content — description of breach, information involved, recommended steps.
   Privacy Act 1988 (Cth) s 26WK

8. Affected individual communications
   Pre-approved messaging templates for affected individuals, support lines, and identity protection offers.

9. Regulator and law enforcement map
   Map other regulators to notify — ASIC, APRA, ACSC/ASD, state regulators. Include law enforcement and foreign regulators (GDPR, etc.).

10. Third-party and vendor contract handles
    Review vendor contracts for incident notification obligations and cooperation. Keep a contact directory.

11. Executive and board communication
    Board/exec briefing template, including continuous disclosure analysis for listed entities.
    Corporations Act 2001 (Cth) s 674

12. Post-incident review and uplift
    Post-incident review template — root cause, lessons learned, uplift plan and owners. Feed back into the playbook.

When to use

When this checklist applies

Use this checklist as an annual audit of the data breach playbook, and after every major incident or near-miss. Run a tabletop exercise at least annually.

Common pitfalls

  • Playbook drafted but never rehearsed — first run during a real incident
  • Missing NDB assessment methodology — time wasted debating in-flight
  • No pre-drafted OAIC notification content — delays submission
  • Vendor contracts with weak incident notification obligations
  • Listed entity with no continuous disclosure analysis baked into playbook

Use with Quillio

Run this checklist on a real matter

Quillio drafts data breach playbooks, runs tabletop scenarios, and generates the NDB notification pack under time pressure. See /practice-areas/commercial-lawyers or start a free trial.

This checklist is a readiness audit. In a live incident, obtain specialist privacy and cyber legal advice and engage a panel forensic provider.
