Data Breaches

If personal information held by Council is accessed or disclosed when it should not have been, this may be a data breach. Data breaches can occur if personal information may have been lost, stolen or released incorrectly.  This IPC Fact Sheet provides more detailed information on what is an ‘eligible breach’, how a data breach may occur and your rights to be notified if a breach has occurred.  

Data Breach vs Privacy Complaint 

If you suspect Council has disclosed your personal information in a way it shouldn’t have, or you believe Council has disclosed someone else’s personal information (because for example you received another person’s information in error), you can notify Council of a suspected data breach by completing this form. Please note, this report will only serve to notify Council of the suspected breach. Council will acknowledge your report   and advise you of the process going forward. Council is required to undertake an assessment within 30 calendar days as to whether the suspected data breach would pose serious risk of harm to affected individuals. The outcome of the assessment would result in response actions that Council would manage as agreed for each individual incident. 

Data Breach Notification Form

Data Breach Requirements  

The Privacy and Personal Information Act 1998 (NSW) (PPIP Act) requires Council to comply with the Mandatory Notification of Data Breach (MNDB) Scheme for recording and ensuring a public register of notification of data breaches is upheld.  

Council’s Data Breach – Operational Policy outlines how Council manages and complies with the above legislation in response to any data breach.  

Public Notification Register 

In the occurrence of a data breach, affected individuals are required to be notified. If Council is unable to notify any/all individuals, a public notification will be published in compliance with the MNDB Scheme via the Public Notification Register below.  

Any notifications will remain published here for a period of 12 months.