Justice Home > Media & news

Find information on how our essential services will continue to operate during the COVID-19 pandemic.

Have your say on the response to data breaches

Publication date: Thursday, 25 July 2019

The Department of Communities and Justice is inviting feedback on how NSW public sector agencies respond to privacy breaches and manage personal information. 

The Mandatory Notification of Data Breaches by NSW Public Sector Agencies Discussion Paper sets out specific questions for interested individuals and organisations to consider, including whether a mandatory reporting scheme should be introduced and if so, how it should operate.

In NSW, the Privacy and Personal Information Protection Act 1998 (NSW) governs how public sector agencies manage personal information. 

Currently, NSW privacy laws do not require public sector agencies to notify the NSW Privacy Commissioner when a data breach occurs, however agencies are encouraged to voluntarily report data breaches when there is a real risk of serious harm.

Personal information NSW public sector agencies can collect and store ranges from an individual’s name, address and date of birth, to health and financial records, video and audio footage, fingerprints and body samples.

To read the discussion paper and for details on how to make a submission, visit www.haveyoursay.nsw.gov.au or the consultation page on the department's website.

The deadline for submissions is Friday, 23 August 2019.

Personal data text