Publication date: Thursday, 25 July 2019
The Department of Communities and Justice is inviting feedback on how NSW public sector agencies respond to privacy breaches and manage personal information.
Mandatory Notification of Data Breaches by NSW Public Sector Agencies Discussion Paper sets out specific questions for interested individuals and organisations to consider, including whether a mandatory reporting scheme should be introduced and if so, how it should operate.
In NSW, the
Privacy and Personal Information Protection Act 1998 (NSW) governs how public sector agencies manage personal information.
Currently, NSW privacy laws do not require public sector agencies to notify the NSW Privacy Commissioner when a data breach occurs, however agencies are encouraged to voluntarily report data breaches when there is a real risk of serious harm.
Personal information NSW public sector agencies can collect and store ranges from an individual’s name, address and date of birth, to health and financial records, video and audio footage, fingerprints and body samples.
To read the discussion paper and for details on how to make a submission, visit
the consultation page on the department's website.
The deadline for submissions is
Friday, 23 August 2019.