In response to the growing threat of data breaches, the NSW government has introduced a new measure to bolster personal consumer information protection.
Public sector agencies will be required to notify the privacy commissioner if there is a suspected data breach involving personal information that is likely to result in “serious harm”, following the Parliament’s approval of the Privacy and Personal Information Protection Amendment Bill 2022 on 16 November.
The measure — which is the first of its kind across the country — is due to come into force next year, providing a 12-month transition period intended to allow enough time for agencies to prepare appropriate systems and processes to fulfil their new compliance obligations.
The scheme will apply to all public sector agencies as defined in the new laws, including all NSW agencies and departments, statutory authorities, local councils, and bodies whose accounts are subject to the Auditor-General and some universities.
Under the new law, government agencies will also have to satisfy a number of data management requirements, including maintaining an internal data breach incident register and having a publicly accessible data breach policy.
Attorney-General Mark Speakman stated that the new measure fulfils the NSW government’s commitment to strengthen privacy protections for personal data.
“Every day, the people of NSW offer their personal information to government agencies, which is a significant undertaking of trust.
“In return, the government recognises it has a responsibility to effectively and proactively protect and respect that personal information. These reforms will make that responsibility law,” he stated.
Aside from establishing new standards of accountability and transparency around the protection of consumers’ personal information, Mr Speakman added that the measure would build “greater openness” while improving consistency across all public sector agencies.
“Importantly, it will give individuals information about the need to reduce their risk of harm following a serious data breach and help agencies respond properly,” he said.
Minister for Customer Service and Digital Government Victor Dominello said the new laws are a testament to the state government’s commitment to strengthening privacy protections and digital governance for the best interest of consumers.
“The NSW government consulted extensively on these reforms to ensure the scheme strikes the right balance between improving privacy protections for NSW citizens and being practical enough for government agencies to take appropriate steps in a potential data breach response,” Mr Dominello said.
The introduction of the mandatory notification scheme is the latest step by the NSW government to add layers of protection for the state citizens’ data.
Mr Dominello added that since June 2020, the NSW government had invested $315 million through the digital restart fund to bolster the state’s cyber systems. Additionally, an ID Support NSW has also been launched to provide support to those impacted by identity theft.
“The bill will provide greater certainty for the public and government agencies regarding personal information and the steps required if a data breach occurs.
“A mandatory notification scheme also ensures that the ability for an affected citizen to take their own protective action is a primary consideration in any data breach response,” he stated.
You are not authorised to post comments.
Comments will undergo moderation before they get published.