PPIP Amendment Bill assented to in NSW Parliament

NSW Privacy Commissioner

The NSW Privacy Commissioner, Samantha Gavel, welcomes amendments to the  Privacy and Personal Information Protection Act 1998 (PPIP Act) which were assented to  in NSW Parliament on 28 November 2022. 

The Privacy and Personal Information Protection Amendment Bill 2022 was introduced in  Parliament by Attorney General, the Hon. Mark Speakman SC MP, on 9 November 2022  and passed Parliament on 16 November 2022. 

The amendments to the PPIP Act will come into effect 12 months following assent, from  28 November 2023. They aim to strengthen privacy legislation in NSW by: 

  • creating a Mandatory Notification of Data Breaches (MNDB) Scheme which will  require public sector agencies bound by the PPIP Act to notify the Privacy  Commissioner and affected individuals of data breaches involving personal or  health information likely to result in serious harm 
  • applying the PPIP Act to all NSW state-owned corporations that are not regulated  by the Commonwealth Privacy Act 1988 
  • repealing s117C of the Fines Act 1996 to ensure that all NSW public sector  agencies are regulated by the same mandatory notification scheme. 

The MNDB Scheme will require agencies to satisfy other data management requirements,  including to maintain an internal data breach incident register, and have a publicly  accessible data breach policy. 

Ahead of the Scheme’s implementation, the Information and Privacy Commission NSW  (IPC) will work with agencies covered under the PPIP Act and release guidance and  resources to ensure they have the required systems, processes and capability in place. 

The IPC will develop a suite of new resources and guidance for both NSW agencies and  citizens. This will include new guidelines on the details of the MNDB Scheme including  defining eligible data breaches, notification exemptions, and agency guides to comply with  the new legislative requirements. Resources will also include information on the steps to  take following an eligible breach and how to prepare compliant policies and procedures.  

The IPC will also develop e-learning modules for agencies to undertake training on the  changes, resources for citizens such as fact sheets and animations to understand their  rights and processes under the amendments, and update existing agency guidance to  align with the changes. 

The Privacy Commissioner said, “I am looking forward to working with agencies to assist  them in preparing for the MNDB Scheme and enhance their privacy systems and  capability.

“A positive outcome from the PPIP Act amendments is that we are now getting state owned corporations on board and ensuring that NSW agencies are practising responsible  privacy governance that is consistent across government.” 

Details about the amendments to the PPIP Act can be found on the NSW Parliament website.

/Public Release. This material from the originating organization/author(s) may be of a point-in-time nature, edited for clarity, style and length. The views and opinions expressed are those of the author(s).View in full here.