- Vice-Chancellor's Advisory Board
- Vice-Chancellor and President
- Board of Trustees
- Academic Senate
Office of Governance Services
- - Secretariat
- - Policies
- - Delegations Register
- - Privacy
- - RAMS
- - Governance Resources
- - Senior Officers
- - Conflicts and Material Interests
- - University Elections
- - Education Services for Overseas Students (ESOS)
- Western Sydney University Strategic Plan
- Professoriate Leadership Group
- Contact Us
- Corpus Strategic Funding Areas
Privacy Breaches and Complaints
What is a privacy breach?
A privacy breach occurs when personal information (of a staff, student or community member) is disclosed, lost or disposed of incorrectly. Privacy breaches can happen as a result of human error, a system error or a cybersecurity attack. Some examples of common types of personal data breaches include:
- personal information being sent to the wrong person by mistake
- a staff member inappropriately accessing personal information
- staff taking personal information with them when they leave an organisation
- security breaches or hacks of computer systems.
Reporting potential privacy breaches
If you suspect there has been a privacy breach, or a potential or a verified breach, you should contact the Privacy Officer (opens in a new window) without delay.
Mandatory reporting of privacy breaches
The University must report privacy breaches to the NSW Privacy Commissioner to meet our statutory obligations under the Mandatory Notification of Data Breach (MNDB) Scheme in Part 6A of the Privacy and Personal Information Protection Act 1998 (NSW) (opens in a new window).
The Privacy Data Breach Response Plan (opens in a new window) sets out the procedures to be followed by University staff in response to suspected or actual eligible breaches of University held data.
Register of Public Notifications
The University is required to provide a public notification when it is not reasonably practicable to notify any or all of the individuals affected by the breach directly.
A list of all public notifications made by the University is below. The University will retain notifications in the register for a period of 12 months.
|University Data Breach Identifier
|Date of data breach
|Date University became aware of data breach
|Description of data breach
|Type of data breach
|There have been no notifications made in the previous 12 months.
The Privacy Officer will investigate complaints from individuals about the way in which the University handles their personal or health information. Informal complaints can be made to the Privacy Officer and official complaints can be made by making a request for an Internal Review in writing. All complaints are investigated in accordance with the procedures outlined in the Privacy Management Plan (opens in a new window).
A person may also contact the NSW Information and Privacy Commissioner (IPC) (opens in a new window) to make a complaint. Please be aware that the IPC will usually refer matters back to be handled internally by the University.
Contact the University’s Privacy Officer (opens in a new window) for more information.