Data breach assistance for individuals and organisations.
Whether your personal information was in someone else’s breach or your organisation has just discovered records have been exposed, AICS members work through containment, notification and remediation properly.
For individuals
If your name has appeared in a notifiable data breach, AICS practitioners help you understand exactly what information was exposed, what risk that creates, and the concrete steps to harden the accounts and identifiers that touch the exposed data. The institute does not push you toward expensive packaged “monitoring” – you are advised on what actually helps for your specific exposure.
For organisations
For organisations, AICS members support the response your obligations and your circumstances require: scoping the breach, identifying affected individuals, preparing OAIC notification material under the Notifiable Data Breaches scheme where applicable, board reporting, and the technical remediation that closes the breach. Where the breach intersects with a regulator, insurer, contractual obligation or litigation risk, AICS practitioners can be retained as the independent expert separate from the IT vendor whose configuration may be in question.
Scope
What was actually accessed, by whom, when, and what they could do with it.
Notify properly
The right people, the right authority, with the right material. Under-notifying is its own problem; over-notifying is also.
Remediate
Close the breach path, not just the symptom. Audit the controls that should have caught it.
Independent expert
Where the breach is contested or sits inside a dispute, AICS members can be retained as the independent expert.
