Data Security Incident & Breach Reporting Policy

This policy sets out procedures for Niche Studio in the event that we experience a data breach (or suspect that a data breach has occurred). A data breach occurs when personal information is lost or subjected to unauthorised access, modification, use or disclosure or other misuse.

Niche Studio aims to comply with both Australian and any appropriate international laws when it comes to security, privacy and data management. This includes the Australian Privacy Act 1988.

Reporting

If a user suspects there has been a data breach, the user must promptly report it to Niche Studio via https://nichestudio.com.au/contact/

Users should report the time and date the suspected breach was discovered, the type of personal information involved, the cause and extent of the breach, and the context of the affected information and the breach. Types of breaches that should be reported:

Response

On receiving a report of a data breach, Niche Studio will immediately notify the Security Official and Development Team to review and form a Response Team. The Response Team will determine if a data breach has occurred and undertake any immediate actions to contain the data breach if necessary. There is no single method of responding to a data breach. Data breaches must be dealt with on a case-by-case basis, by undertaking an assessment of the risks involved, and using that risk assessment to decide the appropriate course of action. There are four key steps to consider when responding to a breach or suspected breach.

  1. Contain the breach and do a preliminary assessment
  2. Evaluate the risks associated with the breach
  3. Notification
  4. Prevent future breaches

The Response Team should ideally undertake steps 1, 2 and 3 either simultaneously or in quick succession. The Response Team should refer to the Office of the Australian Information Commissioner’s (OAIC) Data breach notification: a guide to handling personal information security breaches, which provides detail on each step. Whether or not there has been a data breach, the Response Team will determine what steps need to be taken to further investigate, remediate, and mitigate the incident and protect against future incidents. If a breach of sensitive information, including but not limited to PHI, user, reporting or outcomes, has occurred, Niche Studio will give timely notices to affected individuals and government authorities, including the OAIC as appropriate and/or required. The notice will be given as soon as practicable.