Data breach incidents
Agencies are required by the MNDB Scheme to prepare and publish a Data Breach Policy. The Data Breach Policy details how the agency will respond to a data breach, including clear roles and responsibilities for managing a data breach or suspected data breach. The Policy sets out the steps the agency will follow if a breach occurs, including notifying affected individuals and the Privacy Commissioner.
Agencies are required to establish and maintain:
- An internal register of eligible data breaches; and
- A public register of any public data breach notifications made under section 59N(2) of the PPIP Act.
Relevant Resources
- Mandatory Notification of Data Breach Scheme
- Guide to preparing a data breach policy
- Fact Sheet for agencies: Exemptions from notification to affected individuals
- Guide to managing data breaches in accordance with the PPIP Act
- Form: Data Breach Notification to the Privacy Commissioner
- Guide to Regulatory Action under the MNDB Scheme
- Guideline - Guidelines on the assessment of data breaches under Part 6A of the PPIP Act
- Guideline - Guidelines on the exemption for risk of serious harm to health or safety under section 59W
- Guideline - Guidelines on the exemption for compromised cyber security under section 59X
- Data Breach Self-assessment Tool for MNDB
- Data Breach Prevention Checklist
- Fact sheet – NSW public sector agencies and data breaches involving tax file numbers
- Fact sheet – Tips for reducing data breaches when sending emails
- Transition to the Cloud: managing your agency’s privacy risks
- Essential Eight Guide to managing cyber security incidents