Statement relating to NSW Electoral Commission
The Acting Privacy Commissioner has been notified by the NSW Electoral Commission of a data breach in compliance with their obligations under the Mandatory Notification of Data Breach Scheme (MNDB) Scheme. The data breach affects individuals enrolled in Ward 3 of the City of Newcastle Local Government Area.
The NSW Electoral Commission has issued a media statement on the data breach which provides information about an unaccounted for printed authorised electoral roll used to mark off electors during the recent September 2024 local council elections for the City of Newcastle Ward 3 and the types of personal information the roll contains.
The Information and Privacy Commission (IPC) has engaged with the NSW Electoral Commission about the notification, including notifications to affected individuals via mail, in relation to its requirements under the MNDB Scheme.
People who believe they are affected by this incident or who have been notified and would like more information should contact the NSW Electoral Commission on 1300 135 736 (Monday to Friday, 9.00am to 5.00pm AEST) or visit their website: https://elections.nsw.gov.au/contact-us
The IPC also has information on support services available to help those impacted by a data breach, available via its website.
The IPC does not comment on the details of individual matters. Investigations of incidents are undertaken independently by the agency involved with reporting obligations required under the MNDB Scheme.
This is a timely reminder for all agencies following the first MNDB Scheme report published 1 October, which identified human error as the main cause for all notified data breaches to date. The Acting Privacy Commissioner reminds all NSW public sector agencies bound by NSW privacy legislation of their obligations to protect and secure the personal information that they hold. Agencies need to embed robust privacy practices into the design of their systems of work to safeguard their information holdings. The IPC has guidance available via its website to support agencies in meeting their obligations.
ENDS
About the Information and Privacy Commission:
The Information and Privacy Commission NSW (IPC) is an independent integrity agency that supports the NSW Information Commissioner and the NSW Privacy Commissioner. Its vision is that privacy and access to government information are valued and protected n NSW. The Information Commissioner is the chief executive of the Commission.
About the NSW Privacy Commissioner
Ms Sonia Minutillo was appointed as the Acting Privacy Commissioner in February 2024. As Acting Privacy Commissioner, her role includes the promotion of public awareness and understanding of privacy rights in NSW, as well as providing information, support, advice and assistance to agencies and the public.
The Privacy Commissioner administers the Privacy and Personal Information Protection Act 1998 (PPIP Act) and the Health Records and Information Privacy Act 2002 (HRIP Act).
About the Mandatory Notification of Data Breach Scheme
The Mandatory Notification of Data Breach (MNDB) Scheme commenced on 28 November 2023 to ensure that NSW public sector agencies respond swiftly to data breaches and provide transparent information to those individuals affected by a breach.
The Scheme imposes obligations on agencies to mitigate the harm that may arise from a data breach, make notifications to the affected individuals and the Privacy Commissioner when an eligible data breach occurs, take steps to prevent further breaches occurring and provide advice to individuals on the steps they should take following a data breach.
For further information about the IPC visit our website at www.ipc.nsw.gov.au
