UNSW Sydney staff will be better protected against data breaches, and the University better prepared to manage them when they occur, under a new data breach policy and management process.
The new measures are partly in response to the University's decision to voluntarily report data breaches, even though this is not required under law. The Notifiable Data Breaches (NDB) scheme under Part IIIC of the Commonwealth Privacy Act 1988 (Privacy Act) went live in February 2018 and requires entities to notify individuals who may be at risk of serious harm because their personal information has been breached. UNSW, however, comes under the NSW Privacy and Personal Information Protection Act 1998 (PPIP Act), but has decided to act in the spirit of the federal legislation.
The new Data Breach Policy and Data Breach Management process are outlined on the new data governance website, which is designed to help staff with data management questions. The new website is at https://www.datagovernance.unsw.edu.au/
If you have any queries about the new policy or process please contact the Data & Information Governance Office.