Privacy breach notification form

If you are aware of a potential privacy breach that has occurred at AUT please complete this form.

Provide information on the privacy breach below and complete all questions.

The information provided in this form will be used for reporting to the Privacy Commissioner if after assessment the privacy breach has caused or is likely to cause anyone serious harm.

Please contact a University Privacy Officer if you have any questions.

What is a privacy breach?

A privacy breach occurs when an organisation or individual either intentionally or accidentally:

  • Provides unauthorised or accidental access to someone's personal information
  • Discloses, alters, loses, or destroys someone's personal information
  • A privacy breach also occurs when someone is unable to access their personal information (for example, their account being hacked)

Are you an AUT student or a staff member? *

If you are an AUT staff member

If you are an AUT staff member
Please identify the type of privacy breach * Personal information means any information about an identifiable individual. The information does not need to name someone specifically if they are identifiable in other ways. This can include (but is not limited to): name, contact details, date of birth, image, log in details, opinion, employment information, health information and financial information.
Date of the privacy breach *
Date the privacy breach was identified (if different)
Is this privacy breach ongoing? *
  • How many people were affected by the privacy breach?
  • How did the privacy breach occur?
  • What caused the privacy breach?
  • The type(s) of personal information involved
  • Where the personal information has gone (if known)
  • Whether the privacy breach is based on error or malicious intent (if known)
1200 characters maximum.
  • Whether the affected individual(s) have been notified of the privacy breach
  • How were the affected individual(s) notified of the privacy breach?
  • When were the affected individual(s) notified of the privacy breach?
  • The response of affected individual(s) to the privacy breach (if known)
  • If the affected individual(s) have not been notified, the reasons why not? (If known)
  • Any planned actions to address or reduce the risk of harm following the privacy breach (if known)
1200 characters maximum.
  • If any other organisations were affected by the privacy breach
  • Any authorities that the privacy breach has been reported to
  • Any information related to security of the personal information (if known)
1200 characters maximum.
  • How sensitive is the personal information related to the privacy breach?
  • Who has obtained or may obtain the personal information?
  • What types of harm may be caused to the people affected by the privacy breach?
  • Is someone’s physical safety in immediate danger?
  • Is someone’s psychological safety at immediate risk?
  • Is someone at immediate risk of serious financial harm?
1200 characters maximum.
Declaration *