§ 26B — Notifiable data breaches

26B.—(1) A data breach is a notifiable data breach if the data breach —(a)

results in, or is likely to result in, significant harm to an affected individual; or

(b)

is, or is likely to be, of a significant scale.[40/2020]

(2) Without limiting subsection (1)(a), a data breach is deemed to result in significant harm to an individual —(a)

if the data breach is in relation to any prescribed personal data or class of personal data relating to the individual; or

(b)

in other prescribed circumstances.[40/2020]

(3) Without limiting subsection (1)(b), a data breach is deemed to be of a significant scale —(a)

if the data breach affects not fewer than the prescribed number of affected individuals; or

(b)

in other prescribed circumstances.[40/2020]

(4) Despite subsections (1), (2) and (3), a data breach that relates to the unauthorised access, collection, use, disclosure, copying or modification of personal data only within an organisation is deemed not to be a notifiable data breach.[40/2020]

—(1) A data breach is a notifiable data breach if the data breach —(a)

results in, or is likely to result in, significant harm to an affected individual; or

(b)

is, or is likely to be, of a significant scale.[40/2020]

(2) Without limiting subsection (1)(a), a data breach is deemed to result in significant harm to an individual —(a)

if the data breach is in relation to any prescribed personal data or class of personal data relating to the individual; or

(b)

in other prescribed circumstances.[40/2020]

(3) Without limiting subsection (1)(b), a data breach is deemed to be of a significant scale —(a)

if the data breach affects not fewer than the prescribed number of affected individuals; or

(b)

in other prescribed circumstances.[40/2020]

(4) Despite subsections (1), (2) and (3), a data breach that relates to the unauthorised access, collection, use, disclosure, copying or modification of personal data only within an organisation is deemed not to be a notifiable data breach.[40/2020]