Privacy Breaches and Complaints

What is a privacy breach?

A privacy breach occurs when personal information (of a staff, student or community member) is disclosed, lost or disposed of incorrectly. Privacy breaches can happen as a result of human error, a system error or a cybersecurity attack. Some examples of common types of personal data breaches include:

  • personal information being sent to the wrong person by mistake
  • a staff member inappropriately accessing personal information
  • staff taking personal information with them when they leave an organisation
  • security breaches or hacks of computer systems.

The University's Privacy Policy (opens in a new window) sets out our commitment to and obligations under privacy laws.

Reporting potential privacy breaches

If you suspect there has been a privacy breach, or a potential or a verified breach, you should contact the Privacy Officer (opens in a new window) without delay.

Mandatory reporting of privacy breaches

The University must report privacy breaches to the NSW Privacy Commissioner to meet our statutory obligations under the Mandatory Notification of Data Breach (MNDB) Scheme in Part 6A of the Privacy and Personal Information Protection Act 1998 (NSW) (opens in a new window).

The Privacy Data Breach Response Plan (opens in a new window) sets out the procedures to be followed by University staff in response to suspected or actual eligible breaches of University held data.

Register of Public Notifications

The University is required to provide a public notification when it is not reasonably practicable to notify any or all of the individuals affected by the breach directly.

A list of all public notifications made by the University is below. The University will retain notifications in the register for a period of 12 months.

University Data Breach IdentifierDate of data breachDate University became aware of data breachDescription of data breachType of data breach
There have been no notifications made in the previous 12 months.    

Privacy complaints

The Privacy Officer will investigate complaints from individuals about the way in which the University handles their personal or health information. Informal complaints can be made to the Privacy Officer and official complaints can be made by making a request for an Internal Review in writing. All complaints are investigated in accordance with the procedures outlined in the Privacy Management Plan (opens in a new window).

A person may also contact the NSW Information and Privacy Commissioner (IPC) (opens in a new window) to make a complaint. Please be aware that the IPC will usually refer matters back to be handled internally by the University.

For further information, download an Internal Review application form (PDF, 43.49 KB) (opens in a new window) or you may review the Privacy NSW Internal Review Checklist (opens in a new window).

Contact the University’s Privacy Officer (opens in a new window) for more information.