Mandatory Notification of Data Breach Scheme

On 28 November 2023, amendments to the Privacy and Personal Information Protection Act 1998 (NSW) take effect that establish a Mandatory Notification of Data Breach (MNDB) Scheme.

Under the MNDB Scheme, NSW public sector agencies must notify the Privacy Commissioner and affected individuals of eligible data breaches (unless a relevant exemption applies).

Other key obligations for agencies under the MNDB Scheme include:

  • Preparing and publishing a Data Breach Policy outlining the Department’s strategy for managing and responding to data breaches which must be publicly accessible
  • Containing and assessing suspected breaches
  • Establishing and maintaining an internal register for eligible data breaches
  • Maintaining and publishing a public notification register for any public data breach notifications that the agency has issued.

This webpage is currently under construction and will be continually updated to ensure that the Department of Communities and Justice complies with the requirements of the MNDB Scheme.

Last updated:

27 Jul 2023

Was this content useful?
We will use your rating to help improve the site.
This field is required
Please don't include personal or financial information here
This field is required
Please don't include personal or financial information here

We acknowledge Aboriginal people as the First Nations Peoples of NSW and pay our respects to Elders past, present, and future. 

Informed by lessons of the past, Department of Communities and Justice is improving how we work with Aboriginal people and communities. We listen and learn from the knowledge, strength and resilience of Stolen Generations Survivors, Aboriginal Elders and Aboriginal communities.

You can access our apology to the Stolen Generations.

Top Return to top of page Top