
A data breach occurs when something or someone:

  • gains unauthorised access to your app’s private and confidential information;
  • releases your app’s confidential information to the public or another similar group; or
  • misuses, destroys, loses, shares, or transforms your app’s private data without authorisation.

Third parties can use data breaches to harm either your business or your app’s users. Consequently, if you do not handle such a situation responsibly, you could face penalties under privacy law, so it is vital that you deal with a breach promptly and efficiently. Any business can fall victim to a data breach, so you should have a prepared breach response plan specific to your app and its circumstances. If you do not yet have one, this article details what you should do if your app experiences a data breach.

Contain and Limit the Breach

Firstly, once you identify the breach, you need to stop any further loss of your app’s data. Take the breached servers offline and disconnect them from the network to stop any more information from leaving over the internet. However, do not power off your systems completely. If you do, you can lose valuable evidence (such as what was held in memory and which connections were active) that will be useful later on for determining what caused the breach.

If you do not manage your app’s operation yourself, your IT consultants can help you with this process. It may involve taking the app itself offline and securing it however you can. Such actions may include:

  • changing or cancelling access codes;
  • resetting passwords for compromised user accounts;
  • determining whether you can retrieve any lost data; and
  • identifying weaknesses in your app’s security.

What exactly you need to do will depend on your app’s security and how the data breach has occurred.

Assess What the Breach Compromised

Once you are certain that no more information can be lost, you need to assess the breach’s damage to your app. Determine what kind of information the data breach involved, considering:

  • the type of information lost;
  • whether the information lost was personal information;
  • data sensitivity and risk levels;
  • potential harm this information could lead to;
  • what this data can show about your app to a third party; and
  • the risk of it spreading further.

If the data was encrypted, it will be harder for any third party to access it, which limits the potential harm (provided the encryption keys were not exposed as well). You will also need to determine who has access to any lost data and how likely they are to spread it to third parties.

For example, if the data breach was an accidental minor disclosure to a trusted business partner, then there is a lower risk that they will misuse it.

Then, you should figure out what you can do to get the information back or limit any further harm occurring.

Determine What Caused the Breach

You will also need to evaluate your app’s security systems and access practices to determine what caused the breach in the first place. Your response will depend on whether the breach was:

  • part of a larger security problem; or
  • an isolated incident.

Once you have identified the problem, take steps to fix the cause to ensure it does not cause any further issues.

For instance, if an unnoticed flaw in your app’s code caused the data breach, fix that flaw as soon as possible. Or, if a cyberattack compromised your app’s security systems, update those security measures to ensure it does not happen again.

Notify Any Relevant Parties

An important task in the event of a data breach is to notify all relevant parties that it has affected. Who these parties are will depend on the nature of the breach and the potential harm it can cause. If the breach involved personal information and it is likely to cause serious harm (or it already has), then you need to notify the:

  • person the personal information was about; and
  • Privacy Commission.

Whether the harm is serious enough will depend on your particular factual scenario. When there is no risk of further harm, you may not need to notify affected individuals if telling them would cause more harm than good.

Other parties you may need to notify include:

  • the police;
  • contractual partners;
  • media; or
  • the general public.

Again, these will vary depending on the seriousness of the breach.

Prevent Further Breaches

Once the immediate problem has passed, you need to look forward to determine how you can prevent similar data breaches in the future. It may be worthwhile to conduct a privacy or security audit of your app’s systems to find any potential flaws or risks. Additionally, you should update your security systems where necessary and review your business’ handling of the app to lower the risk of future breaches.

Key Takeaways

Your business’ app will likely deal with a lot of information, including both your business’ private data and customers’ personal data. If a data breach occurs, you need to act swiftly and efficiently to limit the spread of harm. If you would like more information or help with managing a data breach in your app, contact LegalVision’s data, privacy, and IT lawyers on 0800 005 570 or fill out the form on this page.

Frequently Asked Questions

What is personal information?

Personal information is any data you can use to identify a living person. This definition applies to personal data you can use by itself or in combination with other information. Examples include names or phone numbers.

Who do I need to notify if I have a data breach?

If your data breach included personal information and was serious enough, you need to notify the Privacy Commission and the person the information was about.
