IPC Data Breach Policy and Public Notification Register

IPC Data Breach Policy

This policy outlines the Information and Privacy Commission’s (IPC) approach to complying with the Mandatory Notification of Data Breach (MNDB) Scheme, the roles and responsibilities for reporting data breaches and strategies for containing, assessing and managing eligible data breaches.

Further information and resources on the MNDB Scheme is available via the IPC's dedicated webpage.  

IPC Public Notification Register

This page provides details of the public notification of an eligible data breach under the Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act).

A public notification is provided when it is not reasonably practicable to notify any or all of the individuals affected by the breach directly.

A list of ALL public notifications made by the IPC and the IPC Register of Public Notifications is found below. The IPC will retain notifications in the register for a period of 12-months.


Links to Public Notifications

There are no public notifications at this time.


Register of Public Notifications

IPC Data Breach Identifier

Date of data breach

Date IPC became aware of data breach

Description of data breach

Type of data breach

N/A - There have been no notifications made in the previous 12-months.