Data Breach Policy and Notification Register

Data Breach Policy and Notification Register 

Part 6A of the Privacy and Personal Information Protection Act 1998 (NSW) (the PPIP Act) sets out obligations for public sector agencies, including the Cancer Institute NSW, in relation to data breaches involving personal and health information. These obligations include a requirement to prepare and publish a data breach policy and to keep a register of public notifications made to affected individuals. 

About the data breach policy 

The Data Breach Policy outlines the minimum requirements and standards for the Cancer Institute NSW to ensure data breaches involving personal or health information are managed in compliance with the Mandatory Notification of Data Breach (MNDB) Scheme. Further information and resources on the MNDB Scheme are available on the website of the NSW Information and Privacy Commission. 

Register of public notifications

The PPIP Act requires public sector agencies to maintain a register of all public notifications of eligible data breaches and to make this register available on their website. A public notification is provided when it is not reasonably practicable to notify any or all of the individuals affected by the breach directly. 

Below is a register of all public notifications made by the Cancer Institute NSW in the past 12 months for eligible data breaches involving the Institute. The purpose of the register is to enable individuals to determine if they may have been affected by data breach and to take appropriate action to protect their personal information if necessary. 

Links to public notifications 

There are no public notifications at this time. 

Data Breach Register 

• Cancer Institute NSW Data Breach Identifier - N/A - There have been no notifications made in the previous 12 months. 
• Date of data breach Date the Institute became aware of the data breach 
• Description of data breach Type of data breach