NSW's new information and privacy committee to advise government on best practices

To be chaired by NSW Information Commissioner Elizabeth Tydd, the committee will advise the state government on how to best deliver information and privacy management practices.

New NSW information and privacy committee to advise government on best practices

A new committee has been set up by the New South Wales government to provide it with information, advice, assistance, and training on how to best deliver information and privacy management practices in government, as well as facilitate collaboration between government, industry, and academia.

The Information and Privacy Advisory Committee will be responsible for advising the Information and Privacy Commission NSW, the Minister for Customer Service Victor Dominello, and the Attorney-General and Minister for the Prevention of Domestic Violence Mark Speakman.

"The digital age presents many opportunities, but it is important that our policies and laws reflect its challenges," Dominello said.

Appointed to chair the committee is NSW Information Commissioner Elizabeth Tydd. She will be joined by NSW Privacy Commissioner Samantha Gavel, NSW government chief data scientist Ian Oppermann, Australian Institute of Health and Welfare CEO Barry Sandison, Allens Hub technology, law, and innovation director and University of New South Wales (UNSW) faculty of law professor Lyria-Bennett Moses, Information Integrity Solutions founder Malcolm Crompton, NSW Department of Communities and Justice executive director of justice strategy and policy Paul McKnight, and Data Synergies principal and UNSW Business School practice professor Peter Leonard.

"This new committee will bring together specialists from a range of sectors -- including data science, technology, business and law -- to ensure we remain at the forefront of these issues," Dominello said.

See also: Digital venue registrations for contact tracing will be mandatory across NSW  

In addition to the core members, NSW government said experts in relevant areas may also be invited to attend and contribute as required by the committee.

"The committee has the expertise to provide assistance to public sector agencies in adopting and complying with information governance in a contemporary public sector context, including access to information rights, with information protection principles, and implementing privacy management plans in ways that account for these challenges," Tydd said.

The launch of the committee will add to ongoing efforts the state government has been making when it comes to addressing information privacy.

In June, the state government announced its intentions to stand up a sector-wide cybersecurity strategy, which would supersede the cybersecurity strategy that was last updated in 2018.

The plan to create a new security document followed a AU$240 million commitment to improve NSW's cybersecurity capabilities, including investments towards protecting existing systems, deploying new technologies, and increasing the cyber workforce. With that funding, it announced plans to create an "army" of cyber experts.

In a vow to keep customer data safe, the state government set up a dedicated cyber and privacy resilience group in October.

NSW Department of Customer Service Secretary Emma Hogan, who is the chair of the new group, said at the time that setting up the taskforce was in response to the cyber attack the state government suffered earlier this year.  

The breach resulted in 73GB of data, which comprised of 3.8 million documents, being stolen from staff email accounts. The breach impacted 186,000 customers.

Budget papers revealed in November the cyber attack would cost Service NSW AU$7 million in legal and investigation fees.

But this is not the only cyber incident that the state government has suffered. In September, it was revealed information on thousands of New South Wales driver's licence-holders was breached, with reports indicating a cloud storage folder that had over 100,000 images was mistakenly left open. 

Cyber Security NSW confirmed a commercial entity was responsible for the breach of scanned driver's licence images. It said it was the responsibility of the commercial entity to investigate this matter and notify any customers if their data had been breached.  

Related Coverage