Have Your Say on NSW privacy laws

Published: 7 May 2021

Released by: Minister for Customer Service and Digital Government, Minister for Customer Service, Attorney General, Minister for the Prevention of Domestic and Sexual Violence

NSW is set to become the first Australian state or territory to introduce a mandatory
notification of data breach scheme to create new standards of accountability and
transparency to protect personal information.

Attorney General Mark Speakman and Minister for Digital and Minister for Customer Service Victor Dominello have marked Privacy Awareness Week by releasing for public consultation a draft of the Privacy and Personal Information Protection Amendment Bill 2021 which creates the scheme.

Mr Speakman said the Mandatory Data Breach Notification Scheme would ensure NSW public sector agencies notify the Privacy Commissioner and affected individuals when a data breach involving personal information is likely to result in serious harm.

“The protection of people’s privacy is crucial to public confidence in NSW Government services. I encourage anyone with an interest in this area to make a submission,” Mr Speakman said.

“If passed, this Bill will introduce a scheme that will ensure greater openness and
accountability in relation to the handling of personal information held by NSW public sector agencies.”

The NSW Department of Communities and Justice (DCJ) and the NSW Department of Customer Service (DCS) have listened to key stakeholders who’ve provided overwhelming support for the introduction of the scheme and had input on how the scheme should operate.

Public submissions can now be made until Friday, 18 June on the Have Your Say website.

Mr Dominello said privacy is the hallmark of our democracy and must be carefully guarded.

“The NSW Government is committed to enhancing services through digital innovation, but it is vital the use of technology and data embodies the highest privacy, trust and security standards,” Mr Dominello said.

“The Information and Privacy Commission NSW and agencies such as Cyber Security NSW support the introduction of mandatory reporting to clarify agency obligations and give the NSW public greater certainty about how data breaches involving personal information will be handled.”

The Information and Privacy Commissioner NSW will play a role in the implementation and administration of this scheme.

Top of page