Mandatory data breach notification

The Department of Communities and Justice is seeking feedback on whether a mandatory reporting scheme for data breaches should be adopted under the Privacy and Personal Information Protection Act 1998.

What’s this about?

The Privacy and Personal Information Protection Act 1998 governs how NSW public sector agencies manage personal information. 

The Department of Communities and Justice is seeking feedback on:

  • Whether a mandatory reporting scheme for data breaches by NSW public sector agencies should be implemented in NSW
  • If a mandatory reporting scheme is implemented in NSW, how the scheme should operate.

The Mandatory Notification of Data Breaches by NSW Public Sector Agencies Discussion Paper includes specific questions for consideration.

Have your say

There are two ways you can submit your feedback:

Email: 

policy@justice.nsw.gov.au 

Mail: 

Mandatory Notification of Data Breaches by NSW Public Sector Agencies
Policy, Reform and Legislation
NSW Department of Communities and Justice
GPO Box 31
Sydney NSW 2001

Submissions close on 23 August 2019.

Please note that all submissions and comments will be treated as public, and may be published, unless you indicate that it is to be treated as confidential.