Data Breach Policy

Last updated: [Date]

Our Commitment to Data Security

We are committed to protecting your personal information and maintaining the highest standards of data security. This policy outlines our approach to preventing and responding to data breaches, in adherence to the Privacy Act 1988.

What is a Data Breach?

A data breach occurs when personal information or intellectual property is subject to unauthorised access, disclosure, modification, or loss. This could include cyber attacks, accidental disclosure, or loss of devices containing personal information.

At MindWise Workplace Solutions, data breaches could occur in a number of ways, including but not limited to:

  • Unauthorised third-party security breaches (e.g., hackers)

  • Accidental disclosure by Dr. Katharine Smith or administrative support personnel

  • Data breaches of third-party services by MindWise Workplace Solutions that affect client data

  • Vendor management issues related to services contracted by MindWise Workplace Solutions, including electronic health records, telehealth platforms, and practice management software

Possible data breach sources include:

  • Accidental loss, unauthorised access, or theft of classified material data or equipment such as laptop, mobile devices, and portable storage devices

  • Unauthorised access to or modification of data on MindWise Workplace Solutions practice systems

  • Accidental disclosure of client data, such as via email to an incorrect address

  • Phishing attempts targeting MindWise Workplace Solutions credentials

  • Malware infections on MindWise Workplace Solutions devices or cloud systems

Prevention Measures

To prevent data breaches, MindWise Workplace Solutions maintains robust security measures including:

  • Maintaining client records securely in accordance with the APS Code of Ethics (2007) and APP requirements

  • Using secure electronic document management systems, with strong passwords and multi-factor authentication

  • Regularly conducting data backups and system updates

  • Using encrypted communications for all client information transfers

  • Regularly conducting security reviews and staff training

Data Breach Response

In the unlikely event of a data breach, MindWise Workplace Solutions will:

  1. Immediately document the suspected breach and take steps to contain the breach if possible

  2. Notify affected clients within 30 days if the breach may cause harm

  3. Report to relevant authorities as required by law

  4. Implement additional security measures to prevent future incidents

  5. Provide support and guidance to affected clients

Your Rights

If your personal information is involved in a data breach, you have the right to:

  • Be notified promptly about the breach

  • Receive information about what data was involved

  • Understand what steps MindWise Workplace Solutions is taking to address the issue

  • Lodge a complaint with us or external authorities

Contact Us

If you have concerns about data security or suspect a breach involving your information please contact us at contact@mindwiseworkplace.com.au

External Complaints 

Should you wish to lodge an official complaint, you may do so with the Office of the Australian Information Commissioner:

  • Phone: 1300 363 992 

  • Online: oaic.gov.au 

  • Post: Office of the Australian Information Commissioner, GPO Box 5288, Sydney, NSW 2001