Public notification register

This page lists details of any data breaches that meet certain criteria under Section 59P of the Privacy and Personal Information Protection Act 1998If it's not reasonably practicable to notify any or all of affected individuals directly, a public notice about the breach will be posted here. 

 

What is the mandatory notification of Data Breach Scheme

The Mandatory Notification of Data Breach Scheme (MNDB Scheme) requires NSW public sector agencies, to notify affected individuals and the NSW Privacy Commissioner when there has been an eligible data breach of personal or health information.

For more information about the MNDB Scheme please read section Part 6A of the Privacy and Personal Information Act 1998  or the NSW Information and Privacy Commission website.

When data breaches are published on this register

We will make every effort to notify you personally if your personal or health information is breached. If it's not reasonably practicable to notify any or all of affected individually directly, you will be able to find details about the data breach on this page.

What information is published

We will record the following details unless they contain personal information or they would prejudice Council's functions:

  • Date of breach
  • Description of breach
  • How the breach occurred
  • The type of breach (unauthorised disclosure, access or loss of information)
  • The kind of information involved
  • How long the information was disclosed for
  • Action taken or planned to contain or mitigate any harm to individuals or secure the data
  • Any recommended actions that affected individuals take themselves (if any)
  • How to make a privacy complaint
  • The name of the agency responsible for the breach
  • The name of any other NSW government agency involved in the breach (if any)
  • Contact details to speak to someone about the breach

How long information is published

Any information added to this register will stay published for 12 months.  

Making a privacy complaint

Any data breach published on this register has already been reported to the NSW Privacy Commissioner.

If you believe you have been affected by a data breach you can lodge an application with us for a privacy internal review. This is an internal investigation to assess if we have complied with our privacy obligations. During the investigation we will advise and consult with the NSW Privacy Commissioner.  For more information, please refer to our Privacy Statement and submission form

To make a privacy complaint to the NSW Privacy Commissioner please visit Privacy (nsw.gov.au)