NSW agencies face mandatory data breach notification scheme

By

First state-based scheme.

NSW has introduced the country’s first state-based mandatory data breach notification scheme.

NSW agencies face mandatory data breach notification scheme

The Privacy and Personal Information Protection Amendment Bill will require state-owned corporations issue notifications. Currently, those organisations are not subject to the Commonwealth Privacy Act.

The amendment will also introduce a data breach assessment scheme, provide limited exemptions from mandatory notifications, and give the Privacy Commissioner the power to “investigate, monitor audit and report on” public sector agency data breaches.

The state’s privacy commissioner will have enforcement powers, and public sector agencies will have to publish a data breach policy and keep a data breach register.

Attorney general Mark Speakman said the bill will create new standards of “accountability and transparency” for government bodies.

NSW has been an enthusiastic adopter of digital government capabilities, and in doing so, has expanded its collection of citizens’ data.

“In return, the government has a responsibility to effectively and proactively protect and respect that personal information,” Speakman said.

“Once passed, this new law will provide consistency across public sector agencies by making it mandatory for public sector agencies to notify the [NSW] Privacy Commissioner and those impacted by a data breach involving personal information which is likely to result in serious harm.”

The scheme would apply to all NSW agencies and departments, statutory authorities, local councils, bodies whose accounts are subject to the Auditor-General, and some universities.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Services Australia's sweeping security uplift plans for myGov

Services Australia's sweeping security uplift plans for myGov

Medibank allegedly missed EDR alerts before data breach

Medibank allegedly missed EDR alerts before data breach

Northern Beaches Council reviews security stack to shore up widening perimeter

Northern Beaches Council reviews security stack to shore up widening perimeter

CrowdStrike rejects Delta Air Lines claims over outage

CrowdStrike rejects Delta Air Lines claims over outage

Log In

  |  Forgot your password?