Data Breach Policy and Public Notification Register

Introduction

Part 6A of the Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act) established the NSW Mandatory Notification of Data Breach (MNDB) Scheme. The MNDB Scheme requires every NSW public sector agency bound by the PPIP Act to notify the Privacy Commissioner and affected individuals of eligible data breaches. Under the scheme, public sector agencies are required to prepare and publish a Data Breach Policy (DBP) for managing such breaches.

Data Breach Policy

This policy outlines Council’s approach to complying with the MNDB Scheme, the roles and responsibilities for reporting data breaches and strategies for containing, assessing, and managing eligible data breaches.

• Download the Data Breach Policy

Public Notification Register

This page provides details of the public notification of an eligible data breach under the Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act). A public notification is provided when it is not reasonably practicable to notify any or all of the individuals affected by the breach directly.

A list of all public notifications made by Council and Council’s Register of Public Notifications is found below. Council will retain notifications in the register for a period of 12-months.

Links to Public Notifications

There are no public notifications at this time.

Register of Public Notifications

There have been no notifications made in the previous 12-months.

Other Associates Links

• Download Council's Privacy and Information Protection Policy
• Download Council's Privacy Management Plan

More information

Contact Council for more information about the Data Breach Policy and Public Notification Register:

• T: 4474 1000
• E: council@esc.nsw.gov.au