The process of resolving an information security incident or data breach is likely to take time. How much time depends on how soon you can provide the data and information we require to determine the extent of the incident and plan what’s needed to resolve it.
It’s important that both our organisations act quickly. Generally, the quicker a data breach is properly assessed and any risk is mitigated, the less impact on everyone, including clients.
When you’ve reported an incident to us, what you need to do and the actions that need to be taken will depend on the nature and seriousness of the incident, as well as any requirements specified in your contract with us.
In serious cases, DCJ may actively work with you to manage the incident. This is likely if the incident involves a cyber-attack on your ICT systems or loss of client data.
Please provide as much information as is known when you submit the notification of incident form. If further information is required, DCJ may request an initial meeting urgently, especially if it appears the incident involves a data breach due to a cyber-attack.
The purpose of such a meeting is to clarify any information to:
This information will help us determine the level of risk that we’re dealing with, assess who needs to be involved (from both our organisations), and understand the urgency with which we need to act.
There may be a broad team of DCJ people from a number of areas assembled for this initial meeting. This is to ensure we’re able to provide the best level of advice and support for your organisation, and ensure that we’re protecting your organisation’s, the department’s, and our clients’ data.
The more we know, the quicker and more effectively we can work together to respond to the incident. We have to act quickly, as a speedy response helps eliminate or mitigate further risk, and DCJ is under very tight legislative timeframes to assess a data breach.
The DCJ team may have a lot of questions, and you may not be able to answer them immediately, depending on how much you’ve learned from your investigation so far.
We’ll require your organisation to confirm or clarify the information you reported on the notification form. For example:
If the incident is serious and involves a cyber-attack or breach of your organisation’s ICT systems, we may have to take mitigation actions; for example, temporarily restrict your organisation’s access to DCJ’s electronic systems, or look for an alternative way to send data to you.
If client data is involved, your lead DCJ contract manager and their senior manager will work with your organisation to decide on the appropriate action to be taken. This may require further information about the personal and/or health information of clients that may have been affected, and we may require the names of individuals whose data may have been compromised.
The process of resolving an information security incident may be overwhelming. DCJ is solution focused and committed to working together with your organisation to resolve the information security incident or data breach without any blame and as quickly as possible to avoid further risk and work.
We understand that the actions required to deal with the incident will take your time away from other operational matters.
If you have cyber insurance, depending on the type of cover, you may be eligible for assistance in investigating and dealing with the incident from your insurer.
If the breach is serious, DCJ will form a ‘data breach response team’ (response team) comprising representatives from a range of areas. The response team may require regular meetings with your organisation’s representatives over several weeks, or even months.
Depending on the nature of the incident, the response team assisting your DCJ contract manager may consist of representatives from:
Other parties may be engaged by the response team, as required; for example, the NSW Privacy Commissioner, ID Support and iCare.
While your DCJ contract manager is the central point of contact between your organisation’s representatives and our response team, your representatives are expected to work with everyone in the team.
If anyone from our response team needs to contact you to obtain further information and/or to provide assistance to you, it will be in consultation with your lead DCJ contract manager.
We’d expect to work with your:
The amount of time you’re expected to work with DCJ depends on:
If the incident is assessed as an eligible data breach under the Mandatory Notification of Data Breach scheme, we’ll work with you and DCJ Legal to inform the NSW Privacy Commissioner and plan how to notify affected individuals (if required).
Depending on the nature of the incident, we may ask you to undertake an information security assessment. If necessary, we’ll work with you to determine the most appropriate steps to take to ensure program data and client information are protected, including implementing remedial actions.
For serious incidents, we may document the remedial actions required in a formal improvement plan, which we’d work with you to develop. In less serious cases, we may agree to an informal plan of improvements to your information security practices, and monitor your progress at regular contract meetings.
14 Mar 2025