Breach Notification Policy

Last Updated: 08/03/2025

Ezyiah is committed to maintaining the security of your personal information and adhering to Australian privacy laws. This Breach Notification Policy outlines our procedures for responding to data breaches and notifying affected users. By using Ezyiah, you agree to this Policy. Please read it carefully.


1. Purpose of the Policy

The purpose of this Breach Notification Policy is to outline Ezyiah’s approach to detecting, responding to, and notifying users of data breaches in compliance with the Privacy Act 1988 (Cth) and the Notifiable Data Breaches (NDB) scheme. This Policy ensures transparency and accountability in the event of a data breach.

2. Scope of the Policy

This Policy applies to all users of the Ezyiah platform, including individual taxpayers, business owners, and tax professionals. It covers all personal information collected, processed, and stored by Ezyiah, including user data, financial information, and documents.

3. Definition of a Data Breach

A data breach occurs when personal information held by Ezyiah is accessed, disclosed, or lost in a manner that is unauthorized or accidental, resulting in potential harm to the individual(s) affected. This may include:

  • Unauthorized Access: Access by individuals who do not have permission to view the data.
  • Unauthorized Disclosure: Data is shared with third parties without user consent.
  • Data Loss: Personal information is lost or cannot be recovered, potentially exposing it to unauthorized access.

4. Detection and Monitoring

Ezyiah has robust systems in place to detect and monitor potential data breaches:

  • Automated Alerts: Our systems use automated monitoring tools to detect unusual activity and potential breaches.
  • Regular Audits: We conduct regular security audits and vulnerability scans to identify risks and enhance our data protection measures.
  • Incident Response Team: Ezyiah has a dedicated incident response team trained to handle data breaches swiftly and effectively.

5. Incident Response Procedure

Upon detecting a potential data breach, Ezyiah follows a structured response procedure:

  • Initial Assessment: The incident response team conducts an immediate assessment to determine the nature and scope of the breach.
  • Containment and Mitigation: Steps are taken to contain the breach and mitigate any further risk to user data.
  • Root Cause Analysis: We investigate the root cause of the breach to prevent recurrence and implement corrective measures.

6. Criteria for Notifiable Data Breaches

Under the Notifiable Data Breaches (NDB) scheme, Ezyiah is required to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) if the data breach is likely to result in serious harm. Serious harm may include:

  • Identity Theft: Risk of identity theft or fraud due to compromised personal information.
  • Financial Loss: Potential financial loss or economic harm to the affected individuals.
  • Emotional Distress: Risk of psychological harm, such as distress or reputational damage.

7. Notification Process

If a data breach meets the criteria for notification, Ezyiah will take the following steps:

  • User Notification: Affected users will be notified as soon as possible with clear and comprehensive information about the breach, including:
    • The nature of the breach.
    • The type of personal information involved.
    • Steps users can take to protect themselves from potential harm.
    • Contact details for further assistance.
  • Notification to OAIC: Ezyiah will submit a breach notification to the Office of the Australian Information Commissioner (OAIC), including details of the breach and our response measures.

8. How Users Will Be Notified

Ezyiah uses multiple channels to ensure timely and effective communication with affected users:

  • Email Notification: Users will receive an email with detailed information about the breach and recommended actions.
  • In-App Alerts: Notifications may also be displayed within the Ezyiah platform to alert users to the incident.
  • Customer Support: Our support team will be available to assist users with any concerns or questions following the notification.

9. User Responsibilities Following a Breach Notification

Users play a key role in mitigating potential harm following a breach notification:

  • Monitor Accounts: Users should monitor their Ezyiah account and any linked financial accounts for suspicious activity.
  • Change Passwords: We recommend changing passwords and enabling two-factor authentication (2FA) to enhance security.
  • Report Suspicious Activity: If users notice any unusual activity, they should report it immediately to [email protected].

10. Preventive Measures and Continuous Improvement

Ezyiah is committed to preventing data breaches and improving our security measures:

  • Regular Security Assessments: We conduct regular penetration testing, vulnerability scans, and security audits to identify and address potential risks.
  • Staff Training: Our employees receive ongoing training on data protection, privacy compliance, and breach response protocols.
  • Enhanced Monitoring: We continuously update our monitoring tools and systems to detect and respond to potential breaches more effectively.

11. Compliance with Australian Law

Ezyiah’s breach response procedures comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth):

  • Timely Notification: We ensure timely notification to affected individuals and the OAIC as required by law.
  • Record-Keeping: Ezyiah maintains detailed records of all data breaches, including the investigation process, outcomes, and actions taken.

12. Changes to the Breach Notification Policy

Ezyiah may update this Breach Notification Policy periodically to reflect changes in legal requirements or our data protection practices. Users will be notified of any significant updates. Continued use of the platform indicates acceptance of the revised Policy.

13. Governing Law

This Breach Notification Policy is governed by the laws of the State of Victoria, Australia. Any disputes arising from this Policy will be subject to the exclusive jurisdiction of the Victorian courts.

14. Contact Information

If you have any questions or concerns, or need to report a potential data breach, please contact us at:


By using Ezyiah, you acknowledge that you have read, understood, and agree to this Breach Notification Policy. We are committed to protecting your data and ensuring transparency in the event of a data breach.