The Department of Communities and Justice has released a discussion paper for consultation on how NSW Government Agencies should respond to data breaches.
According to the Department, their paper Mandatory Notification of Data Breaches by NSW Public Sector Agencies, is aimed at seeking feedback on whether public sector agencies should be required to notify the NSW Privacy Commissioner and affected individuals if a breach of privacy occurs
The discussion paper also seeks feedback on how a scheme of mandatory notification should operate.
The Department said the NSW Privacy Commissioner already encouraged agencies to take voluntary action and report data breaches when there is a risk of serious harm to an individual.
It said that while the Commonwealth already has a mandatory Notifiable Data Breaches Scheme, introduced in February 2018, it applied to Federal Government Agencies.
“Stakeholders now have an opportunity to have their say on whether, and if so, how a mandatory notification scheme should operate in NSW,” the Department said.
It said submissions must be sent in before Friday 23 August.
The Department’s 19-page discussion paper can be accessed at this PS News link.