Consultation opens on mandatory reporting of privacy breaches

Last published on 19 Jul 2019 

The NSW Department of Communities and Justice is urging the community to have its say on how government agencies respond to data breaches as part of a discussion paper that was released today.

The paper, Mandatory Notification of Data Breaches by NSW Public Sector Agencies, is aimed at seeking feedback on:

• whether NSW public sector agencies should be required to notify the NSW Privacy Commissioner and affected individuals if a breach of privacy occurs; and
• how the key elements of a mandatory notification scheme should operate (if implemented in NSW).

The NSW Privacy Commissioner already encourages agencies to report data breaches voluntarily when there is a real risk of serious harm to an individual.

The Commonwealth Government’s mandatory Notifiable Data Breaches Scheme (introduced in February 2018) applies to federal government agencies.

Stakeholders now have an opportunity to have their say on whether, and if so, how a mandatory notification scheme should operate in NSW.

The discussion paper is available at Have your say.

Individuals and organisations interested in providing feedback should send it to policy@justice.nsw.gov.au or Mandatory Notification of Data Breaches by NSW Public Sector Agencies, Policy Reform and Legislation, NSW Department of Communities and Justice, GPO Box 31, Sydney, 2001.

Submissions close on Friday 23 August 2019.