On 22 February 2018, changes to the Federal Privacy Act 1988 will bring a new Notifiable Data Breach (NDB) Scheme into force. This makes it compulsory for schools to notify specific types of data breaches to the individuals affected by the breach, and to the Office of the Australian Information Commissioner (OAIC).

A data breach occurs when personal information is lost or subject to unauthorised access, modification, disclosure, or other misuse or interference. Data breaches are not limited to cyber-attacks, but more commonly occur from human error or failure to follow information-handling policies that lead to personal information being lost or disclosed to the wrong person.

Not all data breaches will be NDBs. For there to be an eligible data breach, it should have the likelihood of resulting in serious harm to the affected individuals. Serious harm could include serious physical, psychological, emotional, economic and financial harm, as well as serious harm to reputation.

Studentnet has created its own Data Breach Plan to contain, assess and respond to data breaches, which has contact details for the appropriate staff, clarifies their responsibilities, and documents the processes for responding to a data breach.

School Privacy Staff Contact

Studentnet asks our customers to notify us of their own data privacy contact staff member, so we know who to liaise with in the event of a breach. Please enter details below, or email us directly at

School name:

Contact name:

Contact email:

Contact phone:

Message (optional):

Please tick the box below to prove you are human, then click SUBMIT:

NDB Resources

NDB Response Flowchart