Data Breach & Incident Response Policy
Last updated: July 2026
1. Purpose
This policy describes how we assess, contain, and notify suspected or confirmed data breaches, consistent with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth).
2. Detection and containment
Suspected incidents are investigated immediately on detection. Where personal or clinical information may be at risk, access is restricted and the affected system is contained as a first step.
3. Assessment
We assess whether a breach is likely to result in serious harm. Where it is, affected individuals and the Office of the Australian Information Commissioner (OAIC) are notified as required by law.
4. Notification
If you’re affected by a breach that requires notification, we’ll tell you what happened, what information was involved, and what steps we’re taking — as early as reasonably possible.
5. Prevention
Access controls, encryption, and audit logging described in our Privacy Policy are designed to reduce the likelihood and impact of a breach in the first place.
6. Reporting a suspected breach
If you believe your account or information has been compromised, contact security@anytimecounselling.com.au immediately.