Privacy Breaches and Complaints
For information relating to the cyber incident notifications, please visit our Cyber Incident website.
Privacy Breaches
A privacy breach occurs when personal information held by the University is lost, accessed, used, disclosed, or disposed of incorrectly.
Privacy breaches may arise from:
- human error
- system or process failures
- cybersecurity incidents
Common examples include:
- personal information sent to the wrong recipient
- unauthorised access to personal information by staff
- personal information retained or removed inappropriately
- compromise of systems through security incidents or cyber attacks
The University’s Privacy Policy outlines its obligations and approach to managing personal information.
The University is required to report eligible data breaches to the Australian and NSW Privacy Commissions under the relevant Mandatory Notification of Data Breach Schemes.
The Privacy Data Breach Response Plan within the PMP sets out the procedures for managing suspected or confirmed privacy breaches.
If you suspect a privacy breach (whether potential or confirmed), please contact the Privacy Officer as soon as practicable.
The University manages complaints relating to how personal or health information is handled, in accordance with the Privacy Management Plan.
The Privacy Officer may address complaints directly or through a formal internal review process under legislation.
Individuals may alternatively contact the Information and Privacy Commission New South Wales (IPC). In most cases, the IPC will refer matters back to the University for internal review in the first instance.
View Internal Review Workflow Graph [[link]]