SIRA Public Incident Register
Mandatory Notification of Data Breaches Scheme
Part 6A of the Privacy and Personal Information Act 1998 (PPIP Act) establishes the Mandatory Notification of Data Breaches Scheme (MNDB Scheme). Information on the MNDB Scheme is available on the Information & Privacy Commission website.
When data breaches are published on this register
Section 59P of the PPIP Act requires that SIRA maintain a Public Notification Register. Under section 59N(2) and 59P(3) details of data breaches are published in this Register when the Act requires a person affected by a data breach to be notified but it is not reasonably practicable to notify them individually.
How long information is published
Information on this Register is required by the Act to be published for 12 months. No information will be shown on this page if there are no notifications currently required to be published.
What information is published
Where a notification is made on this Register the section 59P(3)(b) requires the following details (set out in section 59O) to be recorded on the Register except to the extent they contain personal information or would prejudice SIRA’s functions:
- Date of breach
- Description of breach
- How the breach occurred
- The type of breach (unauthorised disclosure, access or loss of information)
- The kind of information involved
- How long the information was disclosed for
- Action taken or planned to contain or mitigate any harm to individuals or secure the data
- Any recommended actions that affected individuals take themselves (if any)
- How to make a privacy complaint (see below)
- The name of the department as the agency responsible for the breach
- The name of any other NSW government agency involved in the breach (if any)
- Contact details to speak to someone about the breach
Making a privacy complaint
Please note that SIRA has already formally notified the NSW Privacy Commissioner of each data breach published on this Register.
A person affected by a data breach can also lodge a privacy complaint with SIRA for SIRA to investigate. Complaints can be submitted at [email protected].
Alternatively, to make a privacy complaint to the NSW Privacy Commissioner please see the Information and Privacy Commission website.
Public Notification Register
SIRA Data Breach Identifier | Date of data breach | Date SIRA became aware of the data breach | Description of data breach | Type of data breach |
---|---|---|---|---|
N/A - There have been no notifications made in the previous 12 months. |