PRIVACY AND PERSONAL INFORMATION PROTECTION ACT 1998 - SECT 59E Requirements for public sector agency

New South Wales Consolidated Acts

[Index] [Table] [Search] [Search this Act] [Notes] [Noteup] [Previous] [Next] [Download] [History] [Help]

PRIVACY AND PERSONAL INFORMATION PROTECTION ACT 1998 - SECT 59E

Requirements for public sector agency

59E Requirements for public sector agency

(1) This section applies if an officer or employee of a public sector agency is aware that there are reasonable grounds to suspect there may have been an eligible data breach of the agency.

(2) The officer or employee must report the data breach to the head of the public sector agency and the head of the agency must--
(a) immediately make all reasonable efforts to contain the data breach, and

(b) within 30 days after the officer or employee of the agency becomes aware as mentioned in subsection (1)--carry out an assessment of whether the data breach is, or there are reasonable grounds to believe the data breach is, an eligible data breach (an
"assessment" ).

(3) An assessment must be carried out in an expeditious way.

(4) Subsection (2)(b) is subject to an extension approved under section 59K.

AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback