On 16 November 2022, the NSW Parliament passed amendments to the Privacy and Personal Information Protection Act 1998 (PIPA). The amendments to the PPIP Act aim to strengthen privacy legislation in NSW by:
- creating a Mandatory Notification of Data Breaches (MNDB) Scheme which will require public sector agencies bound by the PPIP Act to notify the Privacy Commissioner and affected individuals of data breaches involving personal or health information likely to result in serious harm; and
- applying the PPIP Act to all NSW state-owned corporations that are not regulated by the Commonwealth Privacy Act 1988
The MNDB Scheme will require agencies to satisfy other data management requirements, including to maintain an internal data breach incident register, and have a publicly accessible data breach policy. Read the media release and statement here from NSW Privacy Commissioner, Samantha Gavel on guidance and resources to prepare for the new Scheme to ensure the required systems, processes and capability is in place.
The amendments to the PPIP Act can be accessed on the NSW Parliament website here.