New South Wales Consolidated Acts

PRIVACY AND PERSONAL INFORMATION PROTECTION ACT 1998 - SECT 59W

59W Exemption if serious risk of harm to health and safety

(1) The head of a public sector agency may decide to exempt the agency from Division 3, Subdivision 3 for an eligible data breach to the extent that the head of the agency reasonably believes notification would create a serious risk of harm to an individual's health or safety.

(2) In making a decision under subsection (1), the head of the agency--

(a) must consider the extent to which the harm of notifying the breach is greater than the harm of not notifying the breach, and

(b) must consider the currency of the information relied on in assessing the serious risk of harm to an individual, and

(c) must not search data held by the agency, or require or permit the search of data held by the agency, that was not affected by the breach, to assess the impact of notification, unless the head of the agency knows, or reasonably believes, there is information in the data relevant to whether an exemption under this section applies.

(3) The head of the agency must have regard to the guidelines, prepared by the Privacy Commissioner, in making a decision to exempt the agency under this section.

(4) The exemption may be--

(a) permanent, or

(b) for a specified period, or

(c) until the happening of a particular thing.

(5) The head of the agency must, by written notice given to the Privacy Commissioner, notify the Privacy Commissioner--

(a) that the exemption under this section is relied on, and

(b) the details about whether the exemption is permanent or temporary, and

(c) if the exemption is temporary--of the specified or expected time the exemption is to be relied on.