A personal data breach is defined in the Law as a breach of security leading to accidental or unlawful destruction, loss or alteration of personal data or unauthorised disclosure of or access to personal data.
A breach can occur when personal data have been sent to the wrong person, there has been a cyber-attack on your organisations data, personal data have been lost etc.
Read about some common breach scenarios here.
Have a plan in place before that happens.
If you become aware of a breach, you are legally obliged to tell the ODPA within 72 hours after becoming aware unless the breach is unlikely to result in any harm to the individuals whose data are involved.