Amendments to the Privacy and Personal Information Protection Act 1998 (PPIP Act) commenced on 28 November 2023. The amendments impact the responsibilities of agencies under the PPIP Act, and require agencies to provide notifications to affected individuals in the event of an eligible data breach of their personal or health information by a NSW public sector agency or state-owned corporation subject to the PPIP Act.
The Mandatory Notification of Data Breach Scheme (MNDB) requires agencies to satisfy other data management requirements, including to maintain an internal data breach incident register, and have a publicly accessible data breach policy.
The Data Breach policy outlines the Council’s approach to complying with the Mandatory Notification of Data Breach (MNDB) Scheme, the roles and responsibilities for reporting data breaches and strategies for containing, assessing and managing eligible data breaches.
Clarence Valley Council is required to maintain a register that includes public notifications of eligible data breaches under the Privacy and Personal Information Protection Act 1998. A public notification is provided when it is not possible to notify the individuals affected by the breach directly.
Notifications in this register will be retained for 12 months.
There are no public notifications at this time.