SIRA Logo

SIRA Public Incident Register

Mandatory Notification of Data Breaches Scheme

Part 6A of the Privacy and Personal Information Act 1998 (PPIP Act) establishes the Mandatory Notification of Data Breaches Scheme (MNDB Scheme). Information on the MNDB Scheme is available on the Information & Privacy Commission website.

When data breaches are published on this register

Section 59P of the PPIP Act requires that SIRA maintain a Public Notification Register. Under section 59N(2) and 59P(3) details of data breaches are published in this Register when the Act requires a person affected by a data breach to be notified but it is not reasonably practicable to notify them individually.

How long information is published

Information on this Register is required by the Act to be published for 12 months. No information will be shown on this page if there are no notifications currently required to be published.

What information is published

Where a notification is made on this Register the section 59P(3)(b) requires the following details (set out in section 59O) to be recorded on the Register except to the extent they contain personal information or would prejudice SIRA’s functions:

  • Date of breach
  • Description of breach
  • How the breach occurred
  • The type of breach (unauthorised disclosure, access or loss of information)
  • The kind of information involved
  • How long the information was disclosed for
  • Action taken or planned to contain or mitigate any harm to individuals or secure the data
  • Any recommended actions that affected individuals take themselves (if any)
  • How to make a privacy complaint (see below)
  • The name of the department as the agency responsible for the breach
  • The name of any other NSW government agency involved in the breach (if any)
  • Contact details to speak to someone about the breach

Making a privacy complaint

Please note that SIRA has already formally notified the NSW Privacy Commissioner of each data breach published on this Register.

A person affected by a data breach can also lodge a privacy complaint with SIRA for SIRA to investigate. Complaints can be submitted at [email protected].

Alternatively, to make a privacy complaint to the NSW Privacy Commissioner please see the Information and Privacy Commission website.

Public Notification Register

SIRA Data Breach IdentifierDate of data breachDate SIRA became aware of the data breachDescription of data breachType of data breach
N/A - There have been no notifications made in the previous 12 months.   

Contact us