Data breach notifications

To assist NSW public sector agencies, the Information and Privacy Commission NSW (IPC) has developed a suite of resources to support NSW’s voluntary data breach reporting scheme.

How to notify

Data breach notification form (Word 735KB)

This template assists NSW public sector agencies to notify the IPC in the unlikely situation of a data breach. It poses questions around the identity and contact details of the agency, description of the breach, impact assessment and risk of harm, and offers some remedial action points.

Fact sheet and guidance

Fact sheet - NSW Public Sector Agencies and Notifiable Data Breaches

This fact sheet provides information on how to respond to data breaches with guidance on Tax File Number collection, other data breach notification schemes (sharing of government sector data and the European Union's General Data Protection Regulation), and how to notify the IPC if a data breach occurs.

Data breach guidance

This resource is aimed at helping agencies proactively report data breaches under the existing voluntary reporting scheme.

Proactively reporting breaches sends a strong message to the public that your organisation is committed to promoting a culture of privacy protection, and has the necessary systems and processes in place to ensure accountability should a breach occur.

Proactively and voluntarily addressing breaches where they do occur plays a critical role in maintaining public trust in an agency's ability to manage people’s personal information.

Prevention checklist

Data breach prevention checklist (Excel 52KB)

This resource provides a useful list of internal checks against which you can measure your current level of preparation under the headings of ‘People, Governance and Culture’, ‘Policy’, ‘Processes’, and ‘Technology’. Select the response that best reflects your agency to receive an overall summary.

This resource also provides an action list for responding to a data breach.

Notifiable Data Breach Scheme

The Commonwealth Notifiable Data Breaches (NDB) scheme was introduced under the Australian Privacy Act 1988 (Privacy Act) on 22 February 2018.

The NDB scheme establishes a mandatory data breach notification protocol that requires organisations covered by the Privacy Act to notify individuals likely to be at risk of serious harm due to a data breach.

Although the NDB scheme is aimed primarily at federal government agencies and private sector organisations regulated by the Australian Privacy Principles (APPs) under the Privacy Act, there are provisions that apply to NSW public sector agencies.

Other useful resources

IPC Data Breach Policy

IPC Privacy Governance Framework

IPC Privacy Management Plan

Essential Eight Guide to managing cyber security incidents

Guide to implementation of cyber security controls

Quarterly statistics

The IPC publishes quarterly statistical information about notifications received to assist NSW public sector agencies and the public to understand the operation of the scheme.

Quarterly statistics: FY2017 - 2018: Q3 and Q4 (PDF 83kb)
