Organizations in New South Wales (NSW), Australia, would be required to report data breaches to law enforcement authorities. The NSW government recently proposed the “Privacy and Personal Information Protection Amendment Bill 2021” that will require public and private enterprises to disclose any security breaches to the Privacy Commissioner and any affected people.
The proposed mandatory notification of data breaches (MNDB) scheme, which is open for consultation until June 18, 2021, aims to bolster data privacy protection and extends the data breach reporting requirements in the state. Once approved, NSW would become the first Australian state to introduce a mandatory data breach notification scheme, creating new security standards and transparency in data protection management.
The data disclosure notification should contain:
- Information about and a description of the data breach, including when and how it happened
- Details of the date that the agency first became aware of the breach
- Description of what data has been disclosed
- Assurances about what data has not been disclosed
- What the agency is doing to control or reduce the harm
- What steps the organization has taken to protect and negate further disclosure
- Details of the number of persons affected in the data breach
- Whether the affected persons have been advised
- Information about the agency’s remedial action plan
- Information as to whether any reports have been made to other relevant bodies
Currently, there are no obligations on data breach disclosures. Agencies are encouraged to voluntarily report any data breaches to the Privacy Commissioner and the affected individuals. In addition, organizations are urged to implement robust security measures to protect users’ personal information.
What the experts say…
Commenting on the proposed bill, Attorney General Mark Speakman said, “The protection of people’s privacy is crucial to public confidence in NSW Government services. I encourage anyone with an interest in this area to submit. If passed, this Bill will introduce a scheme that will ensure greater openness and accountability in relation to the handling of personal information held by NSW public sector agencies.”
“The NSW Government is committed to enhancing services through digital innovation, but it is vital the use of technology and data embodies the highest privacy, trust, and security standards. The Information and Privacy Commission NSW and agencies such as Cyber Security NSW support the introduction of mandatory reporting to clarify agency obligations and give the NSW public greater certainty about how data breaches involving personal information will be handled,” said the Minister for Digital and Minister for Customer Service Victor Dominello.