Privacy Breaches and Complaints

For information and enquiries relating to the cyber incident notification made on 31 July 2024, please visit our Cyber Incident website.

Privacy Breaches

A privacy breach occurs when personal information (e.g. of a staff, student, or community member) that is held by the University as a public sector agency is disclosed, lost, or disposed of incorrectly. Privacy breaches can happen as a result of human error, a system error, or a cybersecurity attack. Some examples of common types of privacy breaches include:

personal information being sent to the wrong person by mistake
a staff member inappropriately accessing personal information
staff taking personal information with them when they leave an organisation
security breaches or hacks of computer systems.

The University's Privacy Policy (opens in a new window) sets out our commitment to and obligations under privacy laws.

Mandatory reporting of privacy breaches

The University must report privacy breaches to the NSW Privacy Commissioner to meet our statutory obligations under the Mandatory Notification of Data Breach (MNDB) Scheme in Part 6A of the Privacy and Personal Information Protection Act 1998 (NSW) (opens in a new window).

The Privacy Data Breach Response Plan (opens in a new window) sets out the procedures to be followed by University staff in response to suspected or actual eligible breaches of University held data.

If you suspect a privacy breach, whether potential or verified, you should contact the Privacy Officer (opens in a new window) without delay.

Privacy complaints including internal reviews

The Privacy Officer investigates complaints from individuals about the way in which the University handles their personal or health information. Complaints can be received by the Privacy Officer in the following ways:

Directly to the Privacy Officer – known as informal complaints
Completing an Internal Review application form (opens in a new window) - known as official complaints.
- Also review the Privacy NSW Internal Review Checklist (opens in a new window).

A person may also contact the Information and Privacy Commission New South Wales (opens in a new window) to make a complaint. Please be aware that the IPC will usually refer matters back to be handled internally by the University.

All complaints are investigated in accordance with the procedures outlined in the Privacy Management Plan (opens in a new window).

Privacy Breaches and Complaints