Mandatory Notification of Data Breach Scheme

Mandatory Notification of Data Breach Scheme image of words Data Breach
About the Scheme

The Mandatory Notification of Data Breach Scheme (MNDB Scheme) is a requirement for NSW public sector agencies, like Wingecarribee Shire Council, under the Privacy & Personal Information Protection Act 1998. This scheme ensures we notify you if there's a data breach that could seriously affect you.

Learn more about:

  • Data breaches and what they are
  • The types of information Wingecarribee Shire Council holds
  • Breaches that have happened with Wingecarribee Shire Council (breach notification register below)

You can also visit the NSW Information and Privacy Commission for more information about the MNDB Scheme.

FAQs

What is a Data Breach?

A data breach happens when someone gets access to personal information they shouldn't have. This could be by accident, like losing a laptop with your information on it, or on purpose, like hacking into a computer system.

The law considers a data breach serious if it could cause real harm to someone, such as identity theft or financial loss. Wingecarribee Shire Council takes steps to protect your information, but if a serious breach happens, we will let you know.

The MNDB scheme applies to two types of information:

  1. Personal information (as defined in section 4 of PPIPA): This includes things like your name, address, and date of birth, basically anything that could be used to identify you.
  2. Health information (defined in section 6 of the Heath Records and Information Privacy Act 2002 (HRIPA): This covers details about your physical and mental health, disabilities, and any medical care you've received.

Here are some examples of what could lead to a data breach:

  • Losing a laptop, USB drive, or paperwork with personal information
  • Someone hacking into our computer systems
  • Accidentally sending your information to the wrong person
  • Someone tricking a staff member into giving them access to information

We also consider things like equipment failures and malware infections, as they could potentially allow unauthorised access to information.

 

 

 

What can Happen if There's a Data Breach?

  • Losing money because someone steals your information and uses it for fraud.
  • Feeling unsafe if someone gets your information and could use it to harass you.
  • Having trouble getting credit or managing your finances if someone steals your identity.
  • Damage to your reputation or the Council's reputation if personal information is leaked.

 

What are the types of Personal Information does Council hold?

We keep different types of personal information at the council, depending on how you interact with us.

This could be things like:

  • Your contact details if you're a ratepayer
  • Staff information for our employees

Want to know more?

Click here to find out how you can access or update your personal information with Council. 

What can I do if I suspect a Data Breach?

If you suspect a data breach has occurred, please immediately contact Council via mail@wsc.nsw.gov.au or call 02 4868 0888 and ask to speak with a member of our Governance team.

 

What will Council do if there is a Data Breach?

If there's a data breach, we'll investigate

  • We'll look at how serious the breach is. This includes what kind of information was leaked, how sensitive it is, and if it could be misused.

We'll let you know if you're affected

  • If your information was involved, we'll contact you directly to explain what happened and how to protect yourself.
  • If we can't reach you directly, we'll post a notice here on our website for at least a year.

We take data breaches seriously and will work to keep your information safe.

 

Breach Notification Register

Details of data breaches are published in this register when the act requires a person affected by a data breach to be notified but it is not reasonably practicable to notify them individually.

Date of Breach         Type of Breach        Description                           Types Personal Information  Council Actions (Planned/Taken)
         
         
         
         
         

Back to top