Part 6A of the Privacy and Personal Information Protection Act 1998 (NSW) (the PPIP Act) sets out obligations for public sector agencies, including NSW Health organisations, in relation to data breaches involving personal and health information. These obligations include a requirement to prepare and publish a data breach policy and to keep a register of public notifications made to affected individuals.
The Data Breach Policy outlines the minimum requirements and standards across NSW Health to ensure data breaches involving personal or health information are managed in compliance with the Mandatory Notification of Data Breach (MNDB) Scheme.
Further information and resources on the MNDB Scheme are available on the website of the NSW Information and Privacy Commission.
The PPIP Act requires public sector agencies to maintain a register of all public notifications of eligible data breaches and to make this register available on their website. A public notification is provided when it is not reasonably practicable to notify any or all of the individuals affected by the breach directly.
Below is a register of all public notifications made by the Ministry of Health in the past 12 months for eligible data breaches involving the Ministry. Each NSW Health organisation, such as NSW local health districts, must maintain their own register of public notifications, which can be found on their respective websites.
The purpose of the register is to enable individuals to determine if they may have been affected by a Ministry of Health data breach and to take appropriate action to protect their personal information if necessary.
There are no public notifications at this time.
