NSW holds government agencies accountable for data breaches

In a national first, the New South Wales government is set to pass new legislation that introduces a mandatory data breach notification system for public sector agencies, while setting new standards for accountability and transparency.

The Privacy and Personal Information Protection Amendment Bill 2022 has been a long time coming: former Privacy Commissioner Elizabeth Coombs first called, seven years ago, for changes that would require agencies to notify the Privacy Commission and affected individuals in the event of a data breach.

“Every day, people in NSW offer their personal information to government agencies, which is an important commitment of trust,” Attorney General Mark Speakman said.

“In doing so, they enable the government to provide them with quality connected services and the information needed to continually improve those services to best meet their needs.

“In turn, the government has a responsibility to effectively and proactively protect and respect this personal information.

“Once passed, this new law will ensure consistency between public sector agencies by requiring public sector agencies to notify the Privacy Commissioner and those affected by a data breach involving personal information that may be compromised and ‘result in serious harm’,” Speakman added.

“Agencies will also need to meet a number of data management requirements, including making reasonable efforts to mitigate the damage caused by a data breach, maintaining an internal record of data breach incidents, and having a publicly available data breach policy.”

Australia has become a major cybercrime target in recent months, with a barrage of breaches affecting Optus, Medibank, defense contractor ForceNet and more.


According to the Australian National University, around one in three Australians (32.1%) have been exposed to data breaches in the past 12 months. This equates to approximately 6.4 million people.

Victor Dominello, NSW’s Minister for Customer Service and Digital Government, said the government was making major investments in the state’s cybersecurity and the protection of personal information and data.

“Protecting the privacy of individuals is crucial to ensuring public confidence in government agencies in New South Wales. It is imperative that the highest standards of privacy and security prevail to protect data,” said Dominello.

“The NSW Government has made significant investments to protect citizens’ data, including funding $315 million to bolster our cyber systems and launching ID Support NSW to help those affected by identity theft.

“The bill will provide greater certainty to the public and government agencies regarding personal information and the steps required in the event of a data breach.

“A mandatory notification system also ensures that the ability of a concerned citizen to take their own protective measures is a primary consideration in any response to a data breach.”

The proposed new legislation follows federal government efforts to further penalize companies and institutions for data breaches.

The federal bill, which passed the lower house, would mean that companies that fail to secure important data could face penalties of tens of millions to hundreds of millions of dollars.

Last update: November 10, 2022

Posted: November 10, 2022

Ashley C. Reynolds