Perth Council Data Breach - How to Report (WA)

Technology and Data Western Australia 3 Minutes Read · published February 11, 2026 Flag of Western Australia

Perth, Western Australia residents who suspect a council data breach should act promptly to limit harm and secure remedies. This guide explains how to report breaches involving personal information held by the City of Perth or other local authorities, what departments handle complaints, and the practical steps for reporting, preserving evidence and seeking review.

Immediate steps to report a suspected council data breach

If you discover or are notified of a breach that affects your personal information, follow these actions promptly.

  • Preserve evidence: keep copies of emails, screenshots and any notice you received.
  • Contact the council’s complaints or privacy contact to report the incident and request confirmation of receipt.
  • Note dates and times of discovery, disclosure and any steps taken by the council.
  • Change passwords and monitor accounts for unauthorised activity if online credentials may be affected.
Report quickly to preserve evidence and to trigger formal response steps.

Penalties & Enforcement

Enforcement for personal information breaches can involve both the council’s internal processes and external regulators. Exact fines or civil penalties for local council breaches are not always stated on council pages; enforcement options depend on the controlling instrument and whether the breach falls under federal Privacy Act or state rules. For general data-breach response and regulator powers, see official guidance.OAIC data breach guidance[1]

  • Monetary fines: not specified on the cited City pages; federal civil penalties under the Privacy Act may apply where relevant.
  • Escalation: first and repeat offence ranges are not specified on the cited council pages and depend on the regulator and statutory regime.
  • Non-monetary sanctions: possible directions, determinations, compulsory remedial actions or court orders may be available through the regulator or courts.
  • Enforcer and complaint pathway: the City’s privacy or complaints team handles initial reports; external review can be sought from the Office of the Australian Information Commissioner for matters under the Privacy Act.[1]
  • Appeals and review: appeal routes and time limits depend on the applicable instrument; specific time limits are not specified on the cited council pages.
  • Defences/discretion: councils may consider lawful justification, reasonable steps taken to secure data or authorised disclosures; specifics are not published on the cited city pages.
If the council does not resolve your complaint, you can seek external review from the federal regulator where the Privacy Act applies.

Applications & Forms

No single, council-wide form for reporting a data breach is published on the general guidance pages; report via the council’s complaints or privacy contact channels and follow any instructions they provide. For governance and procedural guidance see the linked regulator page for data-breach response.[1]

Reporting process and what to include

When lodging a complaint or report with the council, include clear, verifiable details to help the council investigate promptly.

  • Describe the breach: what data was exposed, how you became aware, and who may be affected.
  • Provide dates and times: when the breach occurred and when you noticed it.
  • Attach evidence: copies of notices, screenshots, emails or messages.
  • Request confirmation: ask the council to confirm receipt and outline next steps and expected timeframes.
Keep a written record of every communication with the council about the breach.

Key steps to escalate or appeal

  • Follow the council’s internal complaints process first and request a written decision.
  • If unsatisfied and the matter falls under the Privacy Act, lodge a complaint with the Office of the Australian Information Commissioner for review.[1]
  • Where statutory penalties or court action are possible, seek legal advice for remedies and limitation periods.

FAQ

Who should I contact first if I suspect my data was exposed by the council?
Contact the City of Perth’s complaints or privacy contact immediately and provide details and evidence so the council can start an investigation.
Can I complain to an external regulator?
Yes. Where the Privacy Act applies, you can complain to the Office of the Australian Information Commissioner after internal steps; the OAIC guidance explains the process.[1]
Are there standard fines for council data breaches?
Standard fine amounts and escalation steps are not specified on the typical council pages; enforcement depends on the law that applies and the regulator’s powers.

How-To

  1. Identify and preserve evidence: copy emails, screenshots and any notices.
  2. Report to the council’s complaints or privacy contact with full details and request confirmation.
  3. Monitor accounts and change passwords where credentials are affected.
  4. If unsatisfied or covered by the Privacy Act, lodge a complaint with the Office of the Australian Information Commissioner.
  5. Consider seeking legal advice for compensation, injunctions or other remedies.

Key Takeaways

  • Report quickly to preserve evidence and trigger council processes.
  • Use the council’s complaints/privacy contact first, then consider external review.

Help and Support / Resources

  1. [1] Office of the Australian Information Commissioner - Data breach preparation and response

Categories

General Governance and Administration Public Safety Public Health and Welfare Land Use and Zoning Housing and Building Standards Transportation Environmental Protection Parks and Public Spaces Business and Consumer Protection Taxation and Finance Labor and Employment Education Civil Rights and Equity Elections and Campaign Finance Events and Special Uses Signs and Advertising Utilities and Infrastructure Technology and Data