Data Breach Policy and Public Notification Register

Amendments to the Privacy and Personal Information Protection Act 1998 (PPIP Act) commenced on 28 November 2023. The amendments impact the responsibilities of agencies under the PPIP Act, and require agencies to provide notifications to affected individuals in the event of an eligible data breach of their personal or health information by a NSW public sector agency or state-owned corporation subject to the PPIP Act.

The Mandatory Notification of Data Breach Scheme (MNDB) requires agencies to satisfy other data management requirements, including to maintain an internal data breach incident register, and have a publicly accessible data breach policy.

The Data Breach policy outlines the Council’s approach to complying with the Mandatory Notification of Data Breach (MNDB) Scheme, the roles and responsibilities for reporting data breaches and strategies for containing, assessing and managing eligible data breaches.

Clarence Valley Council is required to maintain a register that includes public notifications of eligible data breaches under the Privacy and Personal Information Protection Act 1998. A public notification is provided when it is not possible to notify the individuals affected by the breach directly.

Notifications in this register will be retained for 12 months.

Links to Public Notifications

There are no public notifications at this time.


Register of Public Notifications
CVC data breach 
Date of data breach Date CVC became aware of data breach  Description of data breach  Actions taken to contain and mitigate harm  Recommendations about steps individual(s) should take in response to breach Date of public notification
N/A - There have been no notifications made in the previous 12 months.