Communities and Justice

Have your say on the response to data breaches

Last published on 25 Jul 2019 

The Department of Communities and Justice is inviting feedback on how NSW public sector agencies respond to privacy breaches and manage personal information.

The Mandatory Notification of Data Breaches by NSW Public Sector Agencies Discussion Paper sets out specific questions for interested individuals and organisations to consider, including whether a mandatory reporting scheme should be introduced and if so, how it should operate.

In NSW, the Privacy and Personal Information Protection Act 1998(NSW) governs how public sector agencies manage personal information.

Currently, NSW privacy laws do not require public sector agencies to notify the NSW Privacy Commissioner when a data breach occurs, however agencies are encouraged to voluntarily report data breaches when there is a real risk of serious harm.

Personal information NSW public sector agencies can collect and store ranges from an individual’s name, address and date of birth, to health and financial records, video and audio footage, fingerprints and body samples.

To read the discussion paper and for details on how to make a submission, visit NSW Have your say or Mandatory data breach notification

The deadline for submissions is Friday, 23 August 2019.

Last updated:

24 Nov 2021