Data Breach Public Notification Register
The purpose of this register is to ensure individuals can determine whether they may have been affected by a Department of Primary Industries and Regional Development data breach and take action to protect their personal information where necessary.
Why we have a register
If we are unable to notify any of the affected individuals directly, a public notice will be placed on this page.
Part 6A of the Privacy and Personal Information Protection Act 1998 (NSW) introduces the Mandatory Notification of Data Breach (MNDB) Scheme. Under the MNDB scheme, the department must notify the affected individuals of data breaches involving personal or health information that are likely to result in serious harm unless an exemption applies.
When data breaches will be published on this register
The department must provide notification of an eligible data breach as soon as practicable after a data breach has been assessed and after notification exemptions have been considered.
The notification must be available for at least 12 months after the date of publication and include specific legislated information.
Information published in the register
We must record the following details of the eligible data breach on this register:
- data breach title
- date of data breach
- date notification published
- description of data breach
- how the data breach occurred
- type of data breach
- type of personal information that was the subject of the data breach
- amount of time the personal information was disclosed
- actions the department has taken or are planned to take to ensure the personal information is secure, or to control or mitigate the hard done
- recommendations about the steps the individual should take in response to the data breach
- information on how to make a privacy complaint and request an internal review
- agency(s) name that are the subject of the data beach
- contact details for the data breach.