In late 2022, the NSW Government passed the Privacy and Personal Information Protection (“PPIP”) Amendment Act, which will come into effect on 28 November 2023.
This will have a significant impact on many public sector clients, especially those in Local Government, State-owned Corporations and higher education who are not already subject to the Privacy Act 1988 of the Commonwealth.
Mandatory Compliance is Important
One of the most significant impacts of the PPIP Amendment Act is the “mandatory notification of data breach scheme.” To comply with the Act, your organisation must have completed or have in place the following:
Data Breach Reporting and Mitigation
Under the Act, organisations must investigate if any employee has reasonable grounds to suspect that a breach has occurred. This must be reported to the head of the agency or organisation, who must immediately make all reasonable efforts to contain the data breach and ensure that within 30 days an investigation is carried out to assess if there was an eligible data breach.
Heads of organisations are responsible for the immediate notification of the eligible data breach to the Privacy Commissioner.
A key principle that must be applied under the Act is that organisations address the mitigation of harm done by the suspected data breach. This would include management of public relations and media interest in the incident. Ensuring that the public relations and media unit’s roles are clearly defined and tested in the response plan is critical to ensuring that this principle is met.
How Centium Can Help
Centium is experienced in helping organisations minimise their risk of non-compliance with the Act by providing tailored assistance and support services through:
How to get in touch with Centium