New South Wales Consolidated Acts

PRIVACY AND PERSONAL INFORMATION PROTECTION ACT 1998 - SECT 59ZE

59ZE Eligible data breach incident register

(1) The head of a public sector agency must establish and maintain an internal register for eligible data breaches.

(2) The register must include details of the following, where practicable, for all eligible data breaches--

(a) who was notified of the breach,

(b) when the breach was notified,

(c) the type of breach,

(d) details of steps taken by the public sector agency to mitigate harm done by the breach,

(e) details of the actions taken to prevent future breaches,

(f) the estimated cost of the breach.