The Privacy and Personal Information Protection Amendment Bill 2021 aims to strengthen privacy protection in NSW. The draft exposure bill proposes to:
The MNDB scheme will require public sector agencies to notify the IPC and affected individuals if a data breach affecting personal or health information that is likely to result in serious harm occurs.
The MNDB scheme will require agencies to satisfy other data management requirements, including to maintain an internal data breach incident register, and have a publicly accessible privacy and data management policy.
Under the PPIP Act, the Privacy Commissioner already has regulatory powers and functions, which can be used in relation to the MNDB scheme. These include the power to investigate and make recommendations, and the ability to publish or furnish reports to the Minister responsible for the agency. The MNDB scheme will also confer on the Privacy Commissioner additional regulatory powers in relation to the MNDB scheme, including the power of entry.
The MNDB borrows many aspects of the Commonwealth Notifiable Data Breach scheme. This is proposed to reduce interjurisdictional inconsistencies, especially given that NSW public sector entities already must comply with the Commonwealth scheme in relation to breaches of tax file numbers.
View the bill and factsheet.
Submissions on the Privacy and Personal Information Protection Amendment Bill 2021 closed on 18 June 2021. We received 32 submissions and have permission to publish the following 24 submissions: