NSW agencies face mandatory data breach notification scheme

By

First state-based scheme.

NSW has introduced the country’s first state-based mandatory data breach notification scheme.

NSW agencies face mandatory data breach notification scheme

The Privacy and Personal Information Protection Amendment Bill will require state-owned corporations issue notifications. Currently, those organisations are not subject to the Commonwealth Privacy Act.

The amendment will also introduce a data breach assessment scheme, provide limited exemptions from mandatory notifications, and give the Privacy Commissioner the power to “investigate, monitor audit and report on” public sector agency data breaches.

The state’s privacy commissioner will have enforcement powers, and public sector agencies will have to publish a data breach policy and keep a data breach register.

Attorney general Mark Speakman said the bill will create new standards of “accountability and transparency” for government bodies.

NSW has been an enthusiastic adopter of digital government capabilities, and in doing so, has expanded its collection of citizens’ data.

“In return, the government has a responsibility to effectively and proactively protect and respect that personal information,” Speakman said.

“Once passed, this new law will provide consistency across public sector agencies by making it mandatory for public sector agencies to notify the [NSW] Privacy Commissioner and those impacted by a data breach involving personal information which is likely to result in serious harm.”

The scheme would apply to all NSW agencies and departments, statutory authorities, local councils, bodies whose accounts are subject to the Auditor-General, and some universities.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Eagers Automotive finds unauthorised access to parts of IT systems

Eagers Automotive finds unauthorised access to parts of IT systems

Hackers hit Victoria's court recording database

Hackers hit Victoria's court recording database

St Vincent's Health Australia warns cyber attack forensics could "take some time"

St Vincent's Health Australia warns cyber attack forensics could "take some time"

Yakult Australia confirms cyber incident

Yakult Australia confirms cyber incident

Log In

  |  Forgot your password?