NSW will be the first to introduce a mandatory scheme for its government agencies to respond to data breaches after new laws passed Parliament last night. 

Attorney General Mark Speakman said the passing of the Privacy and Personal Information Protection Amendment Bill 2022 fulfils the NSW Government’s commitment to strengthen privacy protections for personal data. 

“The new law establishes a mandatory data scheme which will require public sector agencies to notify the Privacy Commissioner if there is suspected data breach involving personal information which is likely to result in serious harm,” he said. 

“Under the scheme, agencies will have to satisfy a number of data management requirements, including maintaining an internal data breach incident register, and having a publicly accessible data breach policy.” 

The new scheme is said to establish new standards of accountability and transparency around the protection of citizens’ personal information.  

It will also create greater openness while also enhancing consistency across all public sector agencies. 

The Attorney General also states that the scheme will give individuals information the need to reduce their risk of harm while helping agencies respond properly. 

“Every day, the people of NSW offer their personal information to government agencies, which is a significant undertaking of trust. In return, the government recognises it has a responsibility to effectively and proactively protect and respect that personal information,” he said. 

“These reforms will make that responsibility law.” 

Minister for Customer Service and Digital Government Victor Dominello said the new laws are evidence of how the state government is further strengthening privacy protections and digital governance for the benefit of NSW citizens. 

“The NSW Government consulted extensively on these reforms to ensure the scheme strikes the right balance between improving privacy protections for NSW citizens and being practical enough for government agencies to take appropriate steps in a potential data breach response,” Minister Dominello said. 

“The scheme will apply to all public sector agencies as defined in the new laws, including all NSW agencies and departments, statutory authorities, local councils, bodies whose accounts are subject to the Auditor General and some universities.” 

Source: NSW Government media release. Content has been edited for style and length.

Eliza Sayon

Website | + posts

Eliza is a content producer and editor at Public Spectrum. She is an experienced writer on topics related to the government and to the public, as well as stories that uplift and improve the community.

• Developing an effective data ecosystem
• The journey of building an ecosystem through data
• NZ government strengthens data privacy laws against third parties
• eSafety Commissioner issues legal notice against Twitter