Reporting a data breach under the Mandatory Notification of Data Breach Scheme

Have more questions? Submit a request

With the Mandatory Notification Data Breach (MNDB) Scheme coming into effect, agencies now need to report data breaches accordingly. This article will guide agencies through the process of reporting data breaches related to nsw.gov.au under the MNDB Scheme. 

The Mandatory Notification of Data Breach (MNDB) Scheme

The Mandatory Notification of Data Breach (MNDB) Scheme came into effect on 28 November 2023 as a result of amendments to the Privacy and Personal Information Protection Act 1998 (PPIP Act).

Key requirements of the MNDB Scheme

The MNDB Scheme requires public sector agencies bound by the PPIP Act to take specific actions in the event of a data breach.

Once a data breach is reported, an agency must carry out an assessment to determine if the data breach is likely to cause serious harm to affected individuals. Serious harm can include physical, financial, material, reputational, emotional, or psychological harm. Data breaches that are likely to cause serious harm to affected individuals are considered eligible data breaches.

Under the MNDB Scheme, agencies must notify the Privacy Commissioner and affected individuals about eligible data breaches.

More information
Further information about the scheme can be found on IPC's Mandatory Notification of Data Breach Scheme page.

Main steps and timelines under the MNDB Scheme

MicrosoftTeams-image.png

Reporting data breaches under the MNDB Scheme

To comply with the process of reporting nsw.gov.au related data breaches, agencies must

  1. adhere to their own portfolio's data breach response policies and requirements, and
  2. submit a request to the nsw.gov.au Privacy Team using the Request support for Privacy Enquiries form.

Reporting data breaches under your portfolio requirements

Each portfolio has its own policies and procedures outlining how to respond to data breaches in compliance with the MNDB Scheme requirements.

Data breaches must first be promptly reported to your management and relevant privacy teams.

Your agency must then consult with representatives from your portfolio when reporting data breaches to ensure alignment with your portfolio's compliance with MNDB.

Reporting data breaches to the nsw.gov.au Privacy Team

In addition to reporting a nsw.gov.au related data breach as required by your portfolio’s policies and procedures, you must report the breach to the nsw.gov.au Privacy Team. To do this, fill in the Request support for Privacy Enquiries form, selecting Privacy enquiry type: Report a data breach.

The nsw.gov.au Privacy Team will then take further steps as required under the MNDB Scheme in relation to your submission.

Need more support on Privacy for nsw.gov.au?

Request support for Privacy enquiries now and our Privacy team will be in touch to assist you.

Articles in this section

Was this article helpful?
0 out of 0 found this helpful