Privacy Management Plan

This report outlines the response to the Mandatory Notification Data Breach Scheme that came into effect following amendments to the Privacy and Personal Information Protection Act 1998 in November 2023.

While many elements of that response are internal operational matters, the new requirements impact two public facing policies, as well as the creation of a new publicly available register.

It is proposed that the Data Breach Policy, adopted at the 20 December 2023 Council Meeting be noted as an element of this framework (Resolution 23/273), whilst this report seeks endorsement for the newly created Privacy Management Plan and will be placed on public exhibition for comment prior to adoption by Council.

Background

Amendments to the Privacy and Personal Information Protection Act 1998 (PPIP Act) came into effect on 28 November 2023. The amendments impact the responsibilities of agencies, including local councils, under the PPIP Act, and require agencies to provide notifications to affected individuals in the event of an eligible data breach of their personal or health information by an agency that is subject to the PPIP Act.

The amendments create a Mandatory Notification of Data Breach (MNDB) Scheme, which requires those agencies to notify the Privacy Commissioner and affected individuals of data breaches involving personal or health information likely to result in serious harm. Agencies must make consequential amendments to their Privacy Management Plans to reflect the MNDB Scheme requirements.

Privacy Management Plan

Section 33(2) of the PPIP Act requires any plan to include provisions relating to ‘’the procedures and practices used by the agency to ensure compliance with the obligations and responsibilities set out in Part 6A for the mandatory notification of data breach scheme.’’

Agencies are required to include in their plan, reference to their Data Breach Policy which has already been adopted.

SUBMISSIONS

This draft policy was endorsed at the 23 October Council Meeting to be placed on Public Consultation for a period of no less than 28 days.

Any person may make a written submission to Council on the draft document until 5.00pm Monday 24 November 2025.

Submissions should be made by email to Council@yass.nsw.gov.au or by writing to Public Consultations, Yass Valley Council, 209 Comur Street, Yass, NSW, 2582. 

Thank you for taking the time to share your views.

You can read the documents below.

 

 

 

Related Information

Back to top