From November this year, UNSW will have a new mandatory requirement to report certain types of data breaches, known as “eligible data breaches”, to the NSW Privacy Commissioner.
Eligible data breaches involve unauthorised access to, disclosure or loss of personal information held by UNSW. Staff must report all data breaches to firstname.lastname@example.org. If the UNSW Data Breach Management Committee identifies an eligible data breach, it will notify the NSW Privacy Commissioner and affected individuals.
Under the new requirements, UNSW will also establish and maintain a public register of any notifications.
The UNSW Data Breach Policy and Procedure is being updated to provide clear guidance to staff. A consultation draft will be available for comment on the Governance website soon.