Skip to content
Close
CONTACT US
CONTACT US
33212

 

AI POWERED SOLUTIONS BUILT FOR DYNAMICS 365 & POWER PLATFORM

PMO HUB
Aligning project work with business goals to empower executives for planning.
LEARN MORE
WORKFORCE HUB
Optimise your organisation's workforce to enhance productivity and performance.
LEARN MORE
SUPPLIER HUB
Enhance visibility and control performance of procurements, contracts and tenders.
LEARN MORE
PROJECT HUB P3M

Enabling executives and leaders to plan project work aligned to strategic priorities.

Learn More
TIMESHEET HUB
Simplify the way you manage and monitor employee working time and costs.
Learn More
CHANGE HUB
Enable leaders and teams to manage change with agility and precision.
Learn More
RISK HUB

Empower your entire organisations to effectively manage and mitigate risks. 

Learn More
ASSET HUB
Revolutionise the way you manage and conduct inspections of valuable assets.
Learn More
MICROSOFT PROJECT & PLANNER

Powerful, collaborative, scalable, and assisted by Copilot AI, the new Microsoft Planner is coming.

Learn More
Our Experienced Team of Software Developers Can Always Craft the Ultimate Solution For You.
DIGITAL ADOPTION
Keep up with the rapid pace of technological change and meet evolving customer expectations.
LEARN MORE
DEVELOPMENT
Increase productivity and improve the time to market with software applications ready to scale.
LEARN MORE
IMPLEMENTATION
Applying a fast iterative approach to implement software based on adopting and integrating practices.
LEARN MORE
SUPPORT
Increase productivity and drive more value with an outsourced IT support model.
LEARN MORE
123123
Our Experienced Team of Software Developers Can Always Craft the Ultimate Solution For You.
INSIGHTS
Explore deep analyses and expert perspectives on industry trends and innovations.
LEARN MORE
NEWS

Get the latest updates from Microsoft that shape the future of technology and business.

LEARN MORE
BLOGS

Dive into a rich resource of insights and expert advice from Microsoft and industry leaders.

LEARN MORE
UPCOMING EVENTS

Discover and register for our forthcoming webinars, workshops, and conferences.

LEARN MORE
44241

 

EMPOWER

THE DIGITAL FUTURE

WITH EXPERTISE

RGB_Logo-Horizontal white-4

 

Our Experienced Team of Software Developers Can Always Craft the Ultimate Solution For You.
MICROSOFT AI & COPILOT
Leverage ready made data-models and insights empowering your business to scale.
LEARN MORE
MICROSOFT DYNAMICS 365

Our Dynamics 365 expert team collaborates to design and implement scalable solutions.

LEARN MORE
NEW MICROSOFT PLANNER

Powerful, collaborative, scalable, and assisted by next generation AI, the new Microsoft Planner is coming.

LEARN MORE
MICROSOFT POWER PLATFORM
Certified and experienced developers help you craft the ultimate Power Platform solution.
LEARN MORE
REGISTER UPCOMING EVENTS

Register for upcoming events to explore innovative solutions with industry experts.

LEARN MORE
d12d

 

MICROSOFT

AI POWERED

TECHNOLOGIES

l2-png

 

Our Experienced Team of Software Developers Can Always Craft the Ultimate Solution For You.
OUR VALUES
We build long lasting trusted relationships and help digital transformation success.
LEARN MORE
OUR PARTNERS
We work across all industries with a strong focus on rapid digital transformation
LEARN MORE
FAQs
Find answers to common questions about our services, processes, and best practices.
LEARN MORE
OUR POLICIES

Our policies provide a reference point for our people and stakeholders on the standards.

LEARN MORE
d2d1

 

WE ARE

THE DIGITAL PROJECT

RGB_Logo-Horizontal white-4

 

Our Experienced Team of Software Developers Can Always Craft the Ultimate Solution For You.

Data Breach Policy

TABLE OF CONTENTS
loading...

1. Purpose

This policy describes how The Digital Project Corporation Pty Ltd will respond to a data breach, in adherence to the Privacy Act 1988.

It is The Digital Project Corporation Pty Ltd’s belief that clear roles, responsibilities and procedures will serve as the foundation as a comprehensive privacy program.

This policy outlines:

(a) the steps that The Digital Project Corporation Pty Ltd will take to contain, assess, notify, and review any data breaches that might occur; and

(b) Notifiable Data Breaches and how The Digital Project Corporation Pty Ltd will address them if they occur.

All The Digital Project Corporation Pty Ltd employees, officers, representatives or advisers (‘Employees’) are required to understand and act in accordance with this policy.

 

2. Data Breach Definition

A data breach occurs when personal information or intellectual property held by The Digital Project Corporation Pty Ltd is subject to unauthorised access, disclosure, modification, or is lost. Data breaches can occur in a number of ways, including but not limited to:

(a) Unauthorised Third-party security breaches (e.g. Hackers)

(b) Unauthorised access, disclosure or modification by Employees and users

(c) Data breaches of Third-party services used by The Digital Project Corporation Pty Ltd that affect user data

 

Specific to The Digital Project Corporation Pty Ltd’s business, the following have been identified as possible data breach sources:

(a) Accidental loss, unauthorised access, or theft of classified material data or equipment on which such The Digital Project Corporation Pty Ltd data is stored, such as company Laptops and USBs.

(b) Unauthorised use, access to, or modification of data on The Digital Project Corporation Pty Ltd’s Microsoft Office 365 tenancy.

(c) Accidental disclosure of The Digital Project Corporation Pty Ltd user data or intellectual property, such as via email to an incorrect address.

(d) Unauthorised data collection by third parties posing as The Digital Project Corporation Pty Ltd, e.g. Phishing Scam

(e) Failed or successful attempts to gain unauthorised access to The Digital Project Corporation Pty Ltd information or information systems

(f) Unauthorised data collection by third parties through Malware infections on The Digital Project Corporation Pty Ltd cloud databases, or hardware equipment.

 

3. What to do if a Data Breach is Suspected?

All The Digital Project Corporation Pty Ltd Employees who are aware of, informed of, or suspect a data breach must inform The Digital Project Corporation Pty Ltd’s IT team immediately. The IT team must then assess the suspected breach to determine whether or not a breach has in fact occurred. If a data breach has, in fact, occurred, then the IT team will manage the breach according to the steps outlined in the Data Breach Management Plan.

 

4. Data Breach Response Plan

In accordance with OAIC recommendations, the following steps will be taken in response to a verified Data Breach.

(a) Contain the breach as soon as possible. Containment is ensuring that the breach itself is stopped. How a breach is stopped would depend on the particular instance but can include:

(i) The suspension of compromised accounts;

(ii) Removal of malware, where identified;

(iii) Temporary platform downtime if necessary;

(iv) Recovering any lost data, if possible;

(v) Repairing unauthorised modification of data, if possible;

(vi) Restoring access to the platform when able.

(b) Assess the risks involved and the repercussions on respective stakeholders. The following may be considered in assessing the stakeholder risks:

(i) The type of information involved;

(ii) Establish the cause and the extent of the breach;

(iii) Assess the risk of harm to affected persons;

(iv) Assess the risk of other harms: reputational damage;

(v) Notify Management and Affected Individuals where appropriate;

(vi) Management must be notified of breaches as and when they occur, whether or not the breach is an eligible breach under the Notifiable Data Breach Scheme;

(vii) The Digital Project Corporation Pty Ltd is an APP 11 entity under the Privacy Act 1988 (Cth) and is and must, therefore, comply with its obligations under the Notifiable Data Breach Scheme;

(viii) Data Breaches that are not eligible under the Notifiable Data Breach Scheme need not be reported and may be addressed internally.

(c) Prevent future similar breaches through strengthening security infrastructures and/or policies

 

5. Notifiable Data Breach Scheme

Under the Notifiable Data Breach Scheme, The Digital Project Corporation Pty Ltd is obliged to report data breaches that satisfy the following criteria:

(a) there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that The Digital Project Corporation Pty Ltd holds;

(b) That the unauthorised access to or disclosure of, or loss of personal information is likely to result in serious harm to one or more individuals; and

(c) The Digital Project Corporation Pty Ltd has not been able to prevent the likely risk of serious harm with remedial action.

For further information on how to assess a notifiable data breach, The Digital Project Corporation Pty Ltd must refer to the OAIC’s APP guidelines.

Where The Digital Project Corporation Pty Ltd suspects that an eligible breach has occurred, it must carry out a reasonable and expeditious assessment of the breach: s 26WH(2)(a) of the Privacy Act. Where possible, the assessment must be completed within 30 days of The Digital Project Corporation Pty Ltd becoming aware of information that causes it to suspect that an eligible breach has occurred. If The Digital Project Corporation Pty Ltd is unable to complete the assessment within 30 days, a written document must be written which addresses:

(a) how all reasonable steps have been taken to complete the assessment within 30 days;

(b) the reasons for the delay; and

(c) that the assessment was reasonable and expeditious.

Where an Eligible Breach has occurred, The Digital Project Corporation Pty Ltd must inform affected users AND the Privacy Commissioner. The Digital Project Corporation Pty Ltd is allowed to disclose eligible breaches to users in either of the following ways:

(a) It may notify all The Digital Project Corporation Pty Ltd users

(b) It may notify affected The Digital Project Corporation Pty Ltd users

(c) It may publish a notification on its website

Disclosure of eligible breaches to the Privacy Commissioner may be done by online form.

For more information on disclosing Eligible Breaches under the Notifiable Data Breach Scheme, please refer to the OAIC’s webpage on the topic.

 

6. Disciplinary Consequences

The Digital Project Corporation Pty Ltd reserves the right to monitor Employees’ use, access and modification of the company’s data, and initialise an investigation if cases where an employee conducts an action that is in breach of this policy.

All Employees should handle The Digital Project Corporation Pty Ltd’s data with due diligence in accordance with this policy and any related policies. If an employee’s action or omission that is prohibited under this policy causes a disruption of integrity to the data system or leads to a breach defined in the Privacy Act, the employee may face severe disciplinary action up to and including termination at the discretion of The Digital Project Corporation Pty Ltd.