Data Breach Policy

1. OVERVIEW

At Elite Property Consulting, we manage highly sensitive financial and personal data for our clients. This policy sets out our procedures for managing a data breach, ensuring we act with the same discretion and precision in a crisis as we do during a property acquisition. Our priority is to protect client confidentiality and comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth).

2. DEFINITION OF A DATA BREACH

A data breach occurs when personal or sensitive information held by Elite Property Consulting is subject to unauthorised access or disclosure, or is lost in circumstances where unauthorised access or disclosure is likely to occur. This includes:

  • Malicious acts: Such as cyber-attacks, "phishing", or theft of physical devices.

  • Human error: Such as sending a confidential contract or budget to the wrong recipient.

  • System failure: Unintentional exposure of data due to technical glitches.

3. THE FOUR-STEP RESPONSE PLAN

In the event of a suspected breach, we follow the Office of the Australian Information Commissioner (OAIC) best-practice framework:

Phase 1: Containment

The moment a breach is suspected, we take immediate steps to stop the unauthorised access. This includes:

  • Securing our IT systems and changing all administrative passwords.

  • Remotely wiping lost or stolen mobile devices.

  • Recalling misaddressed emails where possible.

Phase 2: Assessment

We will conduct an expedited assessment to determine whether the breach is likely to result in serious harm to any individual. "Serious harm" in the context of our $10M+ clients may include financial loss, identity theft, or significant reputational damage.

Phase 3: Notification

If we determine that an "Eligible Data Breach" has occurred (one likely to result in serious harm), we will:

  • Notify the OAIC: Provide a formal statement via the Notifiable Data Breach form.

  • Notify Affected Clients: We will communicate directly and discreetly with affected individuals, providing a clear explanation of what happened, the data involved, and our recommended steps for protection.

Phase 4: Review

Following any incident, we conduct a "root cause" analysis. We update our security protocols, refine our internal training, and, where necessary, upgrade our encryption and storage technologies to prevent a recurrence.

4. ELIGIBLE DATA BREACHES & THE LAW

Under Australian law, we are required to notify the OAIC and the affected individuals if:

  1. There is unauthorised access to, or disclosure of, personal information.

  2. This is likely to result in serious harm to one or more individuals.

  3. We have not been able to prevent the likely risk of serious harm with remedial action.

5. DATA SECURITY PROTOCOLS

To mitigate the risk of a breach, Elite Property Consulting employs:

  • Encrypted Communication: Use of secure, encrypted platforms for sharing financial proof of funds and contracts.

  • Multi-Factor Authentication (MFA): Mandatory MFA on all company accounts and CRM systems.

  • Strict Access Control: Access to sensitive client "wish lists" and budgets is restricted to authorised personnel only.

6. CONTACT FOR DATA CONCERNS

If you suspect your data has been compromised or have questions regarding our security measures, please contact our Privacy Officer immediately: