Acting NSW Privacy Commissioner welcomes the commencement of the Mandatory Notification of Data Breach Scheme


Today, the Acting NSW Privacy Commissioner welcomed the commencement of the new Mandatory Notification of Data Breach (MNDB) Scheme. The MNDB Scheme was created following the passage of amendments to the Privacy and Personal Information Protection Act 1998 (PPIP Act) in November 2022.

The MNDB Scheme requires that all NSW public sector agencies bound by the PPIP Act must notify the Privacy Commissioner and affected individuals of data breaches involving personal or health information likely to result in serious harm. The MNDB Scheme also requires agencies to satisfy other data management requirements, including to maintain an internal data breach incident register, and have a publicly accessible data breach policy.

The Acting Privacy Commissioner, Sonia Minutillo, said, “The commencement of the MNDB Scheme marks a truly significant shift in how NSW public sector agencies promote, support, and practise responsible privacy governance that is consistent across government. The mandated reporting of eligible data breaches promotes trust, and accountability and will assist in building public confidence.

“The MNDB Scheme’s introduction also provides enhanced support and clarity to all NSW citizens if they are impacted by a breach as agencies must now notify them and offer support.

“Over the past twelve months, the IPC has been working to deliver a wide range of resources, guidance and support to prepare agencies and I commend all agencies for their reception and responsiveness in their preparation of the Scheme.

“The IPC has further guidance and resources being published over the coming months to further support agencies and is developing its processes for data breach reporting.”

All IPC developed resources to support agencies and citizens in their understanding of the MNDB Scheme are available via its website




For further information, please contact:

The Manager, Communications and Corporate Affairs on 0435 961 691 or email

About the Information and Privacy Commission:

The Information and Privacy Commission NSW (IPC) is an independent statutory authority that administers New South Wales’ legislation dealing with privacy and access to government information. The IPC supports the Information Commissioner and the Privacy Commissioner in fulfilling their legislative responsibilities and functions and to ensure individuals and agencies can access consistent information, guidance and coordinated training about information access and privacy matters.

About the NSW Privacy Commissioner

The role of the Privacy Commissioner is to promote public awareness and understanding of privacy rights in NSW, as well as provide information, support, advice and assistance to agencies and the general public.

For further information about the IPC visit our website at

Download the media release here.