Automatic language translation
Our website uses an automatic service to translate our content into different languages. These translations should be used as a guide only. See our Accessibility page for further information.
Last published on 25 Jul 2019
The Department of Communities and Justice is inviting feedback on how NSW public sector agencies respond to privacy breaches and manage personal information.
The Mandatory Notification of Data Breaches by NSW Public Sector Agencies Discussion Paper sets out specific questions for interested individuals and organisations to consider, including whether a mandatory reporting scheme should be introduced and if so, how it should operate.
In NSW, the Privacy and Personal Information Protection Act 1998(NSW) governs how public sector agencies manage personal information.
Currently, NSW privacy laws do not require public sector agencies to notify the NSW Privacy Commissioner when a data breach occurs, however agencies are encouraged to voluntarily report data breaches when there is a real risk of serious harm.
Personal information NSW public sector agencies can collect and store ranges from an individual’s name, address and date of birth, to health and financial records, video and audio footage, fingerprints and body samples.
To read the discussion paper and for details on how to make a submission, visit NSW Have your say or Mandatory data breach notification.
The deadline for submissions is Friday, 23 August 2019.
24 Nov 2021