As part of the stronger regulatory approach of the Office of the Australian Information Commissioner (OAIC), there is a renewed focus by the national privacy regulator on organisations reporting more than 30 days after a data breach. This comes with a clarification that the clock starts ticking (the 30-day reporting obligation) from the moment “a …