Data Breach Response Policy

Last updated: 22 August 2025

1
Purpose

This policy outlines our approach to handling data security incidents in compliance with Australian privacy laws, particularly the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988.

2
What is a Data Breach?

A data breach occurs when personal information is:

Accessed or disclosed without permission
Lost where unauthorised access is likely
Modified without authorisation

3
Response Process

Immediate Actions

Containment: Stop the breach and secure affected systems
Assessment: Determine what data was involved and who was affected
Investigation: Understand how the breach occurred
Documentation: Record all actions and findings

Notification Requirements

We will notify relevant parties based on the severity and nature of the breach:

Regulatory Notification

Australian Privacy Commissioner: Within 72 hours if serious harm is likely
State Authorities: As required for educational institutions
Other Regulators: Based on specific data types and legal requirements

Individual Notification

Affected individuals notified when serious harm is likely
Clear explanation of what happened and what we’re doing about it
Practical steps individuals can take to protect themselves
Contact information for questions and support

4
Prevention

We work to prevent data breaches through:

Security by Design: Building security into our systems from the start
Regular Updates: Keeping all systems current with security patches
Access Controls: Limiting who can access personal information
Staff Training: Regular security awareness and privacy training
Platform Security: Leveraging enterprise-grade cloud security

Contact Information

For privacy and data breach related matters:

Privacy Officer: hello@axivus.com.au
General Support: hello@axivus.com.au
Security Issues: hello@axivus.com.au

Reporting a Security Concern

If you believe you’ve discovered a security vulnerability or potential data breach, please contact us immediately at hello@axivus.com.au.