October 19, 2020

Volume X, Number 293

October 16, 2020

Subscribe to Latest Legal News and Analysis

Uniformity Of Law: NSW Government Opens Consultation To Consider Making Data Breach Reporting Mandatory In Respect Of State Government Agencies

We have blogged numerous times on the notifiable data breach scheme provided for in Part IIIC of Privacy Act 1988 (Cth) including more recently in relation to its success in assisting the preparedness of the health sector to report and respond to data breaches.

Whilst the NSW Information Privacy Commissioner recommends that public sector agencies notify it and affected individuals where a data breach creates a risk of serious harm, neither NSW privacy laws nor the notifiable data breach scheme require public sector agencies in NSW to provide such notification. There are many reasons for state government agencies to mandatorily report data breaches. Informing citizens when privacy breaches occur provides an opportunity for individual protection against potentially adverse consequences, whilst mandatory data breach reporting would address the current under-reporting of data breaches in NSW, which according to the consultation may be the norm.

If the notifiable data breach scheme is an appropriate burden to put on private companies, with the Commonwealth Government highlighting the need for citizens to be confident that their personal information is being sufficiently protected by such entities, you’d expect that government entities such as public agencies would have adopted such an approach well before now. At least however the consultation is a step in the right direction with the NSW Government endeavouring to catch up to existing obligations placed on private entities.

We will track the consultation and let you know the result.

Co-Authored by Max Evans

Copyright 2020 K & L GatesNational Law Review, Volume IX, Number 238


About this Author

Cameron Abbott, Technology, Attorney, Australia, corporate, KL Gates Law Firm

Mr. Abbott is a corporate lawyer who focuses on technology, telecommunications and broadcasting transactions. He assists corporations and vendors in managing their technology requirements and contracts, particularly large outsourcing and technology procurements issues including licensing terms for SAP and Oracle and major system integration transactions.

Mr. Abbott partners with his clients to ensure market leading solutions are implemented in to their businesses. He concentrates on managing and negotiating complex technology solutions, which...

Warwick Andersen Technology Lawyer KL Gates

Mr. Andersen is a senior corporate lawyer with a focus on commercial, technology and sourcing projects. He has advised on large scale outsourcing projects, technology agreements for both vendors and customers, corporate support, privacy and telecommunications regulatory work. He has acted for government departments, large listed companies, telecommunications companies and technology suppliers.