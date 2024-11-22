What’s new or changing? The Acting Privacy Commissioner has released the first Mandatory Notification of Data Breach Scheme (MNDB Scheme) Trends Report (the Report) for November 2023 to June 2024.

The Report provides preliminary insights into the operation of the MNDB Scheme following its commencement in November 2023.

It draws from the statistical data from notifications received and the Information and Privacy Commission’s (IPC) broader engagement with agencies. What will this mean for council? The Report provides useful insights that councils may draw from to uplift their data breach preparedness and understanding.

Council staff can be its most valuable asset in ensuring that personal information is safely and securely handled. Councils should build a pro-privacy culture, invest in training on end-to-end information management, document security and privacy awareness, and embed robust privacy practices into the design of systems and processes. Key points The MNDB Scheme requires NSW public sector agencies, including councils, to notify the Privacy Commissioner and provide notifications to affected individuals in the event of an eligible data breach subject to the Privacy and Personal Information Protection Act 1998.

The MNDB Scheme also requires the local government sector to satisfy other data management requirements, including to maintain an internal data breach incident register, and have a publicly accessible data breach policy.

The Report shows that: 78% of notifications from the local government sector were attributable to human error. Human error was the dominant cause of data breaches across all sectors 22% of notifications for the local government sector involved a criminal or malicious attack 11% of all notifications from the local government sector involved a systems fault 7,054 individuals were affected by a council data breach.

Cyber security for local government is an area requiring attention, having regard to the total number of cyber incidents notified during the reporting period.

Data breach readiness is key to responding to data breaches in a timely, effective and efficient manner.

Delegations should be made to officers with the appropriate level of seniority and necessary expertise to respond to a data breach.

Notifications to affected individuals are most effective when they provide clear advice on what happened and what steps an individual should take. Provision of assistance should be meaningful and comprehensive. Councils should recognise that the nature of assistance may differ in individual circumstances.

Councils should consider their data breach response plans and service contracts to ensure that they adequately address their data breach requirements under the MNDB Scheme. Where to go for further information Danny Lester A/Deputy Secretary Office of Local Government

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.