Mandatory notification of data breach register

Part 6A of the Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act) establishes the Mandatory Notification of Data Breaches (MNDB) scheme. From 28 November 2023 every public sector agency bound by the PPIP Act must notify the Privacy Commissioner and affected individuals of eligible data breaches involving personal or health information that is likely to result in serious harm.

Agencies are required to maintain a public register of any notifications made under section 59ZE(2). The information recorded in the register must be publicly available for at least 12 months after the date of publication and include the information specified under section 59O.

There are currently no notifications to report.

Rate this page

  • Rate as The content was useful0% The content was useful votes
  • Rate as The content was not useful0% The content was not useful votes

Thanks for your feedback. We will use this data to improve the content of this page.

Page last updated: 28 Nov 2023