Since the commencement of the Mandatory Notification of Data Breach (MNDB) scheme on 1 July 2025, Queensland government agencies have specific obligations to contain, mitigate and assess breaches containing personal information, and to notify individuals and the OIC when such breaches are assessed to be eligible under the scheme.
MNDB scheme obligations commence in local councils on 1 July 2026.
Community and agency support – Learnings from IDCARE
The Privacy Commissioner, Alexander White, is joined by interim CEO of IDCARE, Charlotte Davidson, to deliver a presentation that discusses the potential harms faced by people when their personal information is breached, how agencies can lessen the risk of serious breaches, and the importance of communicating with people who are affected by a data breach.
IDCARE is an independent, not-for profit organisation that supports people experiencing scams, identity theft, and cyber threats. Charlotte has over 20 years’ experience across Australian and NSW governments, including 12 years in cyber security and cybercrime intelligence.
Data breaches
OIC’s Assistant Commissioner, Privacy, Helene Wells, highlights some of the challenges and opportunities agencies have been experiencing to ensure they are meeting their data breach notification obligations under the Information Privacy Act. Helene offers an opportunity to reflect on what has been happening since 1 July 2025 and identifies some key areas worthy of further focus.
