Ah yes, I am so very, intimately familiar with that Act 😅
If look into making a report to the institution, as I believe that is the first step. If emails are not BCC (as in the teacher/institution has sent an email to students, and only cc students, every student can see each other’s emails; BCC stops that, as an example), then that is a breach.
If identifying information of a student/students has been revealed in an email to multiple people, also a breach.
Again, first step is usually reporting it to the institution, some places do have an email to send privacy breaches to specifically, so a google for ‘privacy breach report’ + ‘institution name’ it may bring up that contact info.
Ah yes, I am so very, intimately familiar with that Act 😅
If look into making a report to the institution, as I believe that is the first step. If emails are not BCC (as in the teacher/institution has sent an email to students, and only cc students, every student can see each other’s emails; BCC stops that, as an example), then that is a breach.
If identifying information of a student/students has been revealed in an email to multiple people, also a breach.
Again, first step is usually reporting it to the institution, some places do have an email to send privacy breaches to specifically, so a google for ‘privacy breach report’ + ‘institution name’ it may bring up that contact info.
This page is also helpful and may have different info regarding reporting: https://www.oaic.gov.au/privacy/notifiable-data-breaches