Council ordered to address personal information security breach

On 17 March 2021 the NSW Civil and Administrative Tribunal (NCAT) made Orders requiring Council to:

  1. perform IPP 5 by implementing such security safeguards as are reasonable in the circumstances against loss, unauthorised access, use, modification or disclosure and against all other misuse for all of personal information it holds in physical form; and
  2. implement such administrative measures necessary to ensure that the conduct of concern will not occur again. Such security safeguards and administrative measures must include details as to when and in what circumstances an internal review of an incident will be sufficient and when an external independent review of an incident is required.
  3. amend its Privacy Management Plan to reflect the security safeguards implemented in accordance with the above.

Council has taken immediate steps to review its Privacy Management Plan.

A full copy of the NCAT decision is available at https://www.caselaw.nsw.gov.au/decision/178392083def7e167fe764ba

Posted on 19 April 2021

Back to Listing
North Sydney Council