Draft Central Coast Data Breach Policy
We are seeking your feedback on the Draft Central Coast Data Breach Policy. Council prioritises protecting our community's information from potential risks while ensuring we have appropriate measures in the event of an unforeseen data breach. The purpose of the proposed Policy is to outline:
- how Council will identify, assess, manage and respond to data breaches
- the roles and responsibilities within Council for reviewing and managing data breaches
- the steps involved in responding to a data breach e.g. reviewing systems, policies and procedures to prevent future breaches
Amendments to the Privacy and Personal Information Protection Act 1998 (PPIP Act) came into effect on 28 November 2023. A key change to the Act was the creation of a Mandatory Notification of Data Breach (MNDB) Scheme which requires public sector agencies (such as Council) bound by the PPIP Act to notify the Privacy Commissioner and affected individuals of data breaches involving personal or health information likely to result in serious harm.
Council previously adopted a Data Breach Policy and associated Procedure in 2021; however, due to the changes to the PPIP Act, the proposed Policy has been reviewed to align with the new requirements of the MNDB Scheme as well as ensure harmonisation with the newly reviewed Privacy Management Plan Policy.
Have Your Say
Between 13 December 2023 and 13 February 2024, we sought community feedback and encouraged written submissions.