icare Public Data Breach Notification Register

This page provides details of any public data breach notifications that icare has made under the Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act).

Public Notification Register

icare currently has no public data breach notifications listed on the Register.

About the Public Notification Register

Part 6A of the Privacy and Personal Information Act 1998 (PPIP Act) establishes the Mandatory Notification of Data Breaches Scheme (MNDB Scheme). Further information about the MNDB Scheme is available from the Information and Privacy Commission NSW.

icare must maintain and publish (on our website) this public notification register for any public data breach notifications that icare has issued under the MNDB Scheme.

A "public data breach notification" is a notification made to the public at large rather than a direct notification to an identified individual.

Public data breach notifications can occur in two circumstances:

  1. where icare is unable, or it is not practical, to notify any or all of the individuals affected by the breach directly, or
  2. where icare decides to make a public notification.

The purpose of this register is to ensure that those we serve are able to access sufficient information about eligible data breaches to determine whether they may be affected by the breach and take action to protect their personal information.

What information is included in the Register

This register generally includes the following information about each public notification made by icare under the MNDB Scheme:

  • date the breach occurred
  • a description of the breach
  • how the breach occurred
  • the type of breach (unauthorised disclosure, access or loss of information)
  • the kinds of personal information that was impacted by the breach
  • the amount of time the personal information was disclosed for•
  • actions taken or planned to ensure that personal information is secure and to mitigate any harm
  • any recommended steps that affected individuals should take to protect themselves (if any)
  • the name of any other NSW government agency involved in the breach (if any and where permitted)
  • contact details for further information about the breach
  • the date the notification was published
  • a link to the full public notification.

How long information is published on the Register

Public notifications are required to be published on this Register for at least 12 months. No information will be shown on the Register if there are no notifications currently required to be published.