Data Breach Register

Mandatory notification of data breach register

Part 6A of the Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act) establishes the Mandatory Notification of Data Breaches (MNDB) scheme.

From 28 November 2023 every public sector agency bound by the PPIP Act must notify the Privacy Commissioner and affected individuals of eligible data breaches involving personal or health information that is likely to result in serious harm.

Agencies are required to maintain a public register of any notifications made under section 59ZE(2). The information recorded in the register must be publicly available for at least 12 months after the date of publication and include the information specified under section 59O.

External Register of Public Data Breach Notifications - 2023 to Present(PDF, 16KB)