The Information and Privacy Commission NSW (IPC) is gearing up for a new scheme requiring Government Agencies to notify citizens of data breaches which may affect their personal information.
Welcoming amendments to the Privacy and Personal Information Protection Act 1998, Privacy Commissioner Samantha Gavel outlined how IPC would support Government Agencies to comply with the newly created Mandatory Notification of Data Breaches (MNDB) Scheme.
Commissioner Gavel said the MNDB required Public Sector Agencies to notify the Privacy Commissioner and affected individuals of data breaches involving personal or health information that was likely to result in serious harm.
“The MNDB Scheme will require Agencies to satisfy other data management requirements, including to maintain an internal data breach incident register, and have a publicly accessible data breach policy,” Commissioner Gavel said.
“[It] will enable NSW Agencies to promote, support and practise responsible privacy governance that is consistent across Government,” she said.
“It will also assist in building public confidence and trust in the Government’s use of digital technology and data to improve outcomes and services for the public.”
Commissioner Gavel said that ahead of the Scheme’s implementation, the IPC is to develop a suite of new resources and guidance for both NSW Agencies and citizens.
She said this would include new guidelines on the details of the MNDB Scheme including defining eligible data breaches, notification exemptions and Agency guides to comply with the new legislative requirements.
“Resources will also include information on the steps to take following an eligible breach and how to prepare compliant policies and procedures,” the Commissioner said.
“The IPC will also develop e-learning modules for Agencies to undertake training on the changes, resources for citizens such as fact sheets and animations to understand their rights and processes under the amendments, and update existing Agency guidance to align with the changes.”
Commissioner Gavel said IPC would implement internal IT enhancements and processes that could support the new Agency reporting requirements under the Scheme,
She said IPC would also update its website to reflect the legislative changes and create an information hub where Agencies could find all relevant information regarding the MNDB Scheme.
“In preparing for implementation of the new Scheme, Agencies are encouraged to develop robust processes to identify potential and actual breaches, and elevate Government capabilities to mitigate and manage data breaches,” she said.