The Mandatory Notification of Data Breach (MNDB) Scheme will come into effect on 28 November 2023. It requires public sector agencies bound by the PPIP Act to notify the Privacy Commissioner and affected individuals of data breaches involving personal or health information likely to result in serious harm. It also applies to all NSW state-owned corporations that are not regulated by the Commonwealth Privacy Act 1988. Agencies are required to: immediately make all reasonable efforts to contain a data breach undertake an assessment within 30 days where there are reasonable grounds to suspect there may have been an eligible data breach during the assessment period, make all reasonable attempts to mitigate the harm done by the suspected breach decide whether a breach is an eligible data breach or there are reasonable grounds to believe the breach is an eligible data breach notify the Privacy Commissioner and affected individuals of the eligible data breach comply […]