MNDB scheme for local government from 1 July 2026

The Information Privacy Act 2009 established a Mandatory Notification of Data Breach (MNDB) scheme with specific obligations for public sector agencies.

From 1 July 2026, this scheme will extend to councils.

The scheme requires councils to publish a data breach policy and maintain a register of data breaches that are eligible under the scheme.

Councils will have obligations to contain, mitigate and assess any data breach to determine if it is eligible under the MNDB scheme and if so, to notify affected individuals and the Information Commissioner.

We have a range of resources to help agencies meet their MNDB obligations, including:

• MNDB Assessment Tool 
• Data breach policy template (DOCX, 480KB)
• Eligible data breach register template (DOCX, 124KB)
• Data Breach response plan template (DOCX, 323KB) 

You can watch OIC's recorded webinar below, Understanding Queensland’s MNDB scheme.

Watch

Watch online: https://vimeo.com/1202707279