The Privacy and Personal Information Protection (PPIP) Act 1998 NSW - ​Part 6A - establishes obligations in relation to data breaches involving personal and health information. These obligations apply to NSW public sector agencies, including the NSW Agency for Clinical Innovation (ACI). Obligations include:
- preparing and publishing a data breach policy
- keeping a register of public notifications made to affected individuals
The Data Breach Policy outlines the minimum requirements and standards across NSW Health agencies. They ensure data breaches involving personal or health information are managed by the ACI in compliance with the NSW Mandatory Notification of Data Breach (MNDB) Scheme.
Register of public notifications
The PPIP Act requires public sector agencies to maintain a register of all public notifications and eligible data breaches and make sure it is available on their website.
A public notification is provided by the ACI when it is not practical to notify individuals affected by the breach directly.
The register enables individuals to determine if they have been affected by an ACI data breach and take appropriate action to protect their personal information if necessary.
Public notifications
There are currently no public notifications.
Data breach register
There have been no notifications for eligible data breaches made in the previous 12 months.