The NSW Privacy Commissioner welcomes proposed Mandatory Notification Data Breach scheme


The Privacy Commissioner, Samantha Gavel, welcomes the decision by the NSW Government to introduce a Mandatory Notification Data Breach scheme for NSW government agencies, which includes government departments, public universities and local councils and the release of the draft bill to establish the scheme for public consultation. The Privacy Commissioner encourages citizens and organisations to review and comment on the bill.

The Privacy Commissioner expects that establishing a Mandatory Notification Data Breach (MNDB) scheme will:

  • increase citizen trust in government agency handling of personal information and data breach incidents
  • increase agency awareness of and responses to data breach incidents
  • improve transparency and accountability of agencies in the way agencies respond to serious data breaches
  • encourage agencies to elevate capability to mitigate and manage the risk of data breaches
  • provide citizens with the information needed to reduce their risk of harm following a serious data breach.

The proposed NSW MNDB scheme has been informed by the Commonwealth Government’s Notifiable Data Breaches scheme, which was introduced in early 2018.

Ms Gavel said: “The adoption of a similar scheme in NSW would be valuable and promote and support responsible privacy practices by NSW agencies. It would also assist in building public confidence and trust in the Government’s use of digital technology and data to improve outcomes and services for the public.

“The Information and Privacy Commission (IPC) currently has a voluntary data breach scheme in place and I encourage NSW government agencies to continue to report significant breaches to the IPC, develop robust processes to identify potential and actual breaches and take steps to mitigate against data breaches.

“I also encourage agencies to voluntarily notify people affected by a data breach and provide information about their right to seek an internal review under the Privacy and Personal Information Protection Act 1998 (PPIP Act) in relation to the breach.

“The IPC has consulted with the Departments of Communities and Justice, Customer Service and Health on the form and scope of the proposed NSW scheme, as well as the resourcing required for the scheme to achieve its aim of protecting the privacy of NSW citizens and for the IPC to successfully manage the scheme.”


For further information, please contact:

IPC media team on 0435 961 691 or email

About the Information and Privacy Commission:

The Information and Privacy Commission NSW (IPC) is an independent statutory authority that administers New South Wales’ legislation dealing with privacy and access to government information. The IPC supports the Information Commissioner and the Privacy Commissioner in fulfilling their legislative responsibilities and functions and to ensure individuals and agencies can access consistent information, guidance and coordinated training about information access and privacy matters.

About the NSW Privacy Commissioner

Samantha Gavel was appointed as NSW Privacy Commissioner on 4 September 2017. Her role is to promote public awareness and understanding of privacy rights in NSW, as well as provide information, support, advice and assistance to agencies and the general public.

For further information about the IPC visit our website at

Download a copy of the media release here.

Have Your Say -

Department of Communities and Justice Public Consultation -

Please note since June 2021, the IPC media team email address has changed. Please send all media enquiries to All emails sent to the old CCA Digital address will be forwarded to the new address until switch over completion in December 2021.