NSW’s privacy watchdog has experienced a 171 percent rise in the number of requests for privacy advice from agencies and ministers since the government's digital push began.
The Information and Privacy Commission (IPC) revealed the figure in its submission to the parliamentary inquiry into the government’s handling of cyber security last week.
“The IPC’s work volumes have increased significantly in response to the NSW government’s digital government strategy released in early 2017,” the submission states.
“Between 2015-16 and 2019-20 requests to the IPC for advice have increased by 171 percent.”
The IPC said the advice relates to the “preservation and exercise of rights in digital government”, which the “NSW government has led the way” on.
“As the range of services available via digital platforms expands, so too do the threats and risks to the security of these services and the data holdings of the government,” it said.
That workload is only expected to climb further over the coming years, as the state increases the use of artificial intelligence and automated decision-making as part of its digital agenda.
New requirements for the IPC to review all IT projects funded from the government’s $1.6 billion digital restart fund will also add to the volume of work.
That obligation was introduced with the Digital Restart Fund Act in August, with the customer service minister now expected to obtain privacy advice before granting funding to agencies.
Mandatory data breach notification
The IPC also used its submission to reiterate support for a mandatory data breach notification scheme in NSW - which the government has pledged to introduce, but not given a timeframe for.
It said it has undertaken “extensive consultation” with the departments of Communities and Justice, Customer Service and Health on the development of a draft model in recent months.
As is the case in all other state and territory governments, NSW agencies are encouraged - but not required - to report data breaches to the IPC or to individuals impacted.
There is also no requirement for them to report breaches under the federal government’s mandatory notifiable data breach scheme.
However, when a serious data breach occurs, as Service NSW experienced when 738GB of data was stolen earlier this year, the IPC engages with agencies and provides advice.
The IPC received 79 data breach notifications in total under the state’s voluntary data breach notification scheme in the 2019-20 financial year.