Have your say

The IPC releases items for consultation. As they are released, they will appear on this page. 

 

Open for consultation: [Consultation Draft] Guideline - Guidelines on the exemption for investigations and legal proceedings under s59T October 2025

Feedback via email: ipcinfo@ipc.nsw.gov.au 

Close date: 18 November 2025

The Information and Privacy Commission (IPC) is pleased to announce the release of its new Guidelines on the exemption for investigations and legal proceedings under section 59T for consultation and feedback.

Part 6A of the Privacy and Personal Information Protection Act (PPIP Act) establishes a scheme for the mandatory notification of data breaches by NSW public sector agencies. Under the Mandatory Notification of Data Breach Scheme, all public sector agencies bound by the PPIP Act must notify the Privacy Commissioner and affected individuals of data breaches involving personal or health information likely to result in serious harm. When an eligible breach has occurred, the agency must take all steps that are reasonably practicable to notify the individuals to whom the information relates or who may be affected by the breach.

Under Section 59T, where the head of an agency reasonably believes notification of the eligible data breach to affected individuals would be likely to prejudice:

  1. an investigation that could lead to the prosecution of an offence, or
  2. proceedings before a court or a tribunal, or
  3. another matter prescribed by the regulations for the purposes of this section, 

the head of the agency may decide that the agency is exempt from the requirement to notify affected individuals.

The Guidelines have been developed to support agencies in assessing: 

  • the circumstances when the exemption under s59T should be applied
  • the test to be satisfied under s59T before relying on the provision
  • factors that should be considered when assessing whether s59T applies
  • the information that should be notified to the Privacy Commissioner when relying on the exemption.

The IPC values the input of privacy practitioners in NSW and is seeking your feedback on this new guidance. In particular, we would appreciate your responses to the following focus questions:

  1. Do you believe the proposed guidelines provide sufficient clarity on when and how the exemption should be applied?
  2. Are there any scenarios or circumstances where you feel the guidelines may be difficult to interpret or implement?
  3. Can you suggest any improvements or additional considerations that would make the guidelines more effective?
  4. Are the guidelines useful and of assistance to understanding the requirements?

Your feedback is critical to ensuring that the guidance is comprehensive and effective in supporting the NSW public sector.

As required under s59ZI of the PPIP Act, the Privacy Commissioner will consult with the Attorney General and Minister of Customer Service and Digital Government before publishing the Guidelines.

It is anticipated that the finalised Guidelines will be published in early 2026.

Please submit any feedback in writing to ipcinfo@ipc.nsw.gov.au by COB 18 November 2025.