NSWIn ForceAct
Privacy and Personal Information Protection Act 1998
59ERequirements for public sector agency
Start here
Get a plain-English read of 59E
Turn the raw legal text into a practical explanation grounded in Privacy and Personal Information Protection Act 1998.
#### 59E Requirements for public sector agency
59E Requirements for public sector agency
> > (1) This section applies if an officer or employee of a public sector agency is aware that there are reasonable grounds to suspect there may have been an eligible data breach of the agency.
>
> > (2) The officer or employee must report the data breach to the head of the public sector agency and the head of the agency must—
> >
> > > (a) immediately make all reasonable efforts to contain the data breach, and
> >
> > > (b) within 30 days after the officer or employee of the agency becomes aware as mentioned in subsection (1)—carry out an assessment of whether the data breach is, or there are reasonable grounds to believe the data breach is, an eligible data breach (an assessment).
>
> > (3) An assessment must be carried out in an expeditious way.
>
> > (4) Subsection (2)(b) is subject to an extension approved under section 59K.
>
> **s 59E:** Ins 2009 No 54, Sch 1 \[1\] (transferred from the Freedom of Information Act 1989 No 5). Renumbered and am 2009 No 54, Sch 1 \[1\]–\[11\]). Rep 2010 No 71, Sch 1 \[10\]. Ins 2022 No 74, Sch 1\[11\].