NSW | In Force | Act
Privacy and Personal Information Protection Act 1998
#### 59U Exemption if public sector agency has taken certain action
> The head of a public sector agency is exempt from Division 3, Subdivision 3 if—
>
> > (a) for an eligible data breach involving unauthorised access to, or disclosure of, personal information held by the agency—
> >
> > > (i) the agency the subject of the breach takes action to mitigate the harm done by the breach, and
> >
> > > (ii) the action is taken before the access to or disclosure of information results in serious harm to an individual, and
> >
> > > (iii) because of the action taken, a reasonable person would conclude that the access or disclosure would not be likely to result in serious harm to an individual, or
>
> > (b) for an eligible data breach involving the loss of personal information held by the agency—
> >
> > > (i) the agency the subject of the breach takes action to mitigate the loss, and
> >
> > > (ii) the action is taken before there is unauthorised access to, or unauthorised disclosure of, the information, and
> >
> > > (iii) because of the action taken, there is no unauthorised access to, or unauthorised disclosure of, the information.
>
> **s 59U:** Ins 2022 No 74, Sch 1\[11\].