
Maintaining secure information and notifying us of information security incidents

This page sets out the obligations and requirements for service providers to maintain secure information and to notify us when an actual or suspected information security incident is detected. This policy applies to all electronic and physical data storage.

What is an information security incident?

An information security incident is any failure that has caused or has the potential to cause unauthorised access, use, disclosure, destruction, loss and/or alteration of data held by your organisation. It applies to data and records held in your ICT systems as well as records held in physical files.

Our interest is in incidents that involve personal information about clients and their families, along with related program data, held by your organisation for the services you’re contracted to provide for DCJ.

Information security incidents could be the result of hacking of your ICT system or data theft, or the result of human or technical error, or misadventure.

Some examples of information security incidents are:

  • deliberate interference with, or unauthorised access to, electronic or physical records
  • loss of electronic and/or physical records as a result of a fire or flood
  • theft or loss of mobile storage devices, such as a USB or laptop
  • an email involving client information sent to the wrong person
  • unauthorised staff accidentally or deliberately accessing restricted documents
  • someone from your organisation improperly sharing sensitive information with a third party, or giving a third party access to it.
Last updated: 15 Feb 2021