Part 6A of the Privacy and Personal Information Protection Act 1998 (NSW) (the PPIP Act) sets out obligations for public sector agencies, including NSW Health organisations, in relation to data breaches involving personal and health information. These obligations include a requirement to prepare and publish a data breach policy and to keep a register of public notifications made to affected individuals.

About the data breach policy

The Data Breach Policy outlines the minimum requirements and standards across NSW Health to ensure data breaches involving personal or health information are managed in compliance with the Mandatory Notification of Data Breach (MNDB) Scheme.

Further information and resources on the MNDB Scheme are available on the website of the NSW Information and Privacy Commission.

Register of public notifications

The PPIP Act requires public sector agencies to maintain a register of all public notifications of eligible data breaches and to make this register available on their website. A public notification is provided when it is not reasonably practicable to notify any or all of the individuals affected by the breach directly.

Below is a register of all public notifications made by the Ministry of Health in the past 12 months for eligible data breaches involving the Ministry. Each NSW Health organisation, such as NSW local health districts, must maintain their own register of public notifications, which can be found on their respective websites.

The purpose of the register is to enable individuals to determine if they may have been affected by a Ministry of Health data breach and to take appropriate action to protect their personal information if necessary.

Links to public notifications

There are no public notifications at this time.

Data Breach Register

  • Ministry of Health Data Breach Identifier - N/A - There have been no notifications made in the previous 12 months.
  • Date of data breach
  • Date Ministry became aware of data breach
  • Description of data breach
  • Type of data breach

Current as at: Friday 13 September 2024
Contact page owner: Compliance