Mandatory Notification of Data Breach Scheme

On 28 November 2023, amendments to the Privacy and Personal Information Protection Act 1998 (NSW) take effect that establish a Mandatory Notification of Data Breach (MNDB) Scheme.

Under the MNDB Scheme, NSW public sector agencies must notify the Privacy Commissioner and affected individuals of eligible data breaches (unless a relevant exemption applies).

Other key obligations for agencies under the MNDB Scheme include:

• Preparing and publishing a Data Breach Policy outlining the Department’s strategy for managing and responding to data breaches which must be publicly accessible
• Containing and assessing suspected breaches
• Establishing and maintaining an internal register for eligible data breaches
• Maintaining and publishing a public notification register for any public data breach notifications that the agency has issued.

This webpage is currently under construction and will be continually updated to ensure that the Department of Communities and Justice complies with the requirements of the MNDB Scheme.