Consultation on mandatory reporting of privacy breaches

Consultation for the discussion paper is now closed. 

On Friday, 19 July 2019, a discussion paper was released by the NSW Department of Communities and Justice titled, Mandatory Notification of Data Breaches by NSW Public Sector. The paper is aimed at seeking feedback on:

• whether NSW public sector agencies should be required to notify the NSW Privacy Commissioner and affected individuals if a breach of privacy occurs; and
• how the key elements of a mandatory notification scheme should operate (if implemented in NSW).

The current system implemented by the IPC, is a voluntary data breach reporting policy to encourage agencies to report breaches to the NSW Privacy Commissioner. However, data breach reporting by agencies is not mandatory.

The Commonwealth Government’s mandatory Notifiable Data Breaches Scheme (introduced in February 2018) only applies to federal government agencies.

The NSW Department of Communities and Justice is urging the community to provide their feedback. Stakeholders now have an opportunity to have their say on whether, and if so, how a mandatory notification scheme should operate in NSW.

The discussion paper is available at www.haveyoursay.nsw.gov.au.

Should you be interested in providing your feedback, you should send it to policy@justice.nsw.gov.au or via mail to:

Mandatory Notification of Data Breaches by NSW Public Sector Agencies
Policy Reform and Legislation
NSW Department of Communities and Justice
GPO Box 31, Sydney, 2001.

Submissions close on Friday 23 August 2019.

View the media release by the NSW Department of Communities and Justice here. (Link unavailable)