Council CONNECT May 2018 9 Corporate & Commercial Or perhaps the Government was simply acting as a good citizen, reporting breaches that others might have swept under the carpet. If so, the Notifiable Data Breaches Act now puts pressure on those others to also do the right thing. The new Act amends the Privacy Act 1988 (Cth) (Privacy Act) to introduce Part IIIC – the Notifiable Data Breaches Scheme. The Scheme, which applies to agencies and organisations covered by the Privacy Act, requires them to notify an individual likely to be at risk of serious harm due to a data breach. What about the NSW Public Sector’s Data Breach obligations? Generally, NSW public sector agencies are not regulated by the Privacy Act. However, given the expectation on such agencies to act as model citizens, they should take note of the Notifiable Data Breaches Scheme. Until the introduction on 22 February, 2018 of the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) (NDB Act), Australia’s mandatory data breach notification laws were limited.