NSWIn ForceAct
Privacy and Personal Information Protection Act 1998
59ZEEligible data breach incident register
Start here
Get a plain-English read of 59ZE
Turn the raw legal text into a practical explanation grounded in Privacy and Personal Information Protection Act 1998.
#### 59ZE Eligible data breach incident register
59ZE Eligible data breach incident register
> > (1) The head of a public sector agency must establish and maintain an internal register for eligible data breaches.
>
> > (2) The register must include details of the following, where practicable, for all eligible data breaches—
> >
> > > (a) who was notified of the breach,
> >
> > > (b) when the breach was notified,
> >
> > > (c) the type of breach,
> >
> > > (d) details of steps taken by the public sector agency to mitigate harm done by the breach,
> >
> > > (e) details of the actions taken to prevent future breaches,
> >
> > > (f) the estimated cost of the breach.
>
> **s 59ZE:** Ins 2022 No 74, Sch 1\[11\].