Data Breach Policy and Public Notification Register
Part 6A of the Privacy and Personal Information Protection Act 1998 (NSW) (the PPIP Act) sets out obligations of public sector agencies, including the Authority, in relation to data breaches involving personal information. These obligations include a requirement to prepare and publish a data breach policy and to keep a register of public notifications made to affected individuals.
About the Data Breach Policy
The Data Breach Policy outlines the approach taken by the Authority to compliance with the Mandatory Notification of Data Breach (MNDB) Scheme provisions outlined in Part 6A of the PPIP Act.
Further information and resources on the MNDB Scheme are available on the website of the NSW Information and Privacy Commission.
Register of Public Notifications
The PPIP Act requires the Authority to keep a register of all public notifications of eligible data breaches and to make that register available on its website.
A public notification is provided when it is not reasonably practicable to notify any or all of the individuals affected by the breach directly.
A register of all public notifications made by the Authority in the previous 12 months is below.
Public Reporting of Data Breaches
Members of the public can report suspected data breaches involving personal information held by the Authority using the contact form.