Mandatory Notification of Data Breach Scheme

The Mandatory Notification of Data Breach (MNDB) Scheme (MNDB Scheme) impacts the responsibilities of agencies under the Privacy and Personal Information Protection Act 1998 (PPIP Act). It requires agencies to notify the Privacy Commissioner and provide notifications to affected individuals in the event of an eligible data breach of their personal or health information by a NSW public sector agency or state-owned corporation subject to the PPIP Act.

More Information about the MNDB Scheme can be found in Part 6A of the Privacy and Personal Information Protection Act 1998. 

The MNDB Scheme requires agencies to satisfy other data management requirements, including to maintain an internal data breach incident register, and have a publicly accessible data breach policy.

You can refer to the IPC’s new and updated resources in relation to the MNDB Scheme for further information.

Reporting information about the MNDB Scheme is available via the Reporting on the Scheme page. Annual summary data will also be included in the IPC Annual Report. Annual summary data will also be included in the IPC Annual Report.