ABC News

NSW government agencies legally required to report data breaches under proposed law

NSW government agencies will legally be required to report customer data breaches like cyber attacks if a new bill is passed through parliament.  

State government agencies will need to notify customers of a breach within 30 days under the proposed data protection law. 

NSW Attorney-General Mark Speakman said the law would make sure people know "fairly promptly" that there had been a data breach.

"They can take their own steps to mitigate the harm, but in the meantime, the public sector agency will also be required to take reasonable steps to manage the situation," Mr Speakman said.

The Privacy and Personal Information Protection Amendment Bill provides a blueprint government agencies need to follow to protect data.

This includes taking steps to mitigate the harm of a data breach and creating an internal register to document those breaches.

Its introduction comes after a spate of cyber attacks on companies including Optus and Medibank jeopardised the data security of millions of people.

Mr Speakman told the ABC the bill had wide support, and he believed it could clear parliament in the next fortnight.

"There are ongoing cyber threats to public sector agencies," he said.

"Sometimes the data breach can be because of hacking and other times it can be because of carelessness.

"As a government, we're doing everything we can to protect citizens' data."

Mr Speakman said the agencies impacted – which include local councils, statutory authorities and some universities – will have a year to put the necessary systems in place.

NSW Labor leader Chris Minns described the bill as a "common sense" measure.

"I'd like to speak to technology experts about whether it's possible to notify people in an earlier way and to make sure the government is able to comply with those changed rules," he told the ABC.

"If we see, at the end of the day, it makes sense and the government is able to comply with it via its agencies, then we would be supportive of it."

In September, Optus announced it was impacted by a cyber attack. Hackers stole customer information ranging from particulars to ID numbers including passports and driver's licences.

Health insurer Medibank was targeted in an attack in October, revealing the personal information of about 9.7 million current and former customers had been accessed.
