UTS is committed to promoting a culture of privacy protection. UTS will make all reasonable efforts to limit and prevent data breaches.
On this page
What is a data breach? | Report a suspected data breach | Mandatory data breach response | Public notification of data breaches and public notification register
Related document
What is a data breach?
A data breach is an unauthorised access, disclosure or modification of personal information held by UTS; or a loss of personal information that is likely to result in unauthorised access or disclosure.
In line with the Data Breach Policy, UTS will make all reasonable efforts to identify, limit and prevent data breaches.
Report a suspected data breach
If you suspect something has gone wrong with your personal information, or have identified a data breach, you must report this via email to data.breach@uts.edu.au
Further information on how to respond to and manage a data breach involving personal information is available in the Data Breach Policy and the Privacy Management Plan (PDF).
For staff, further guidance on the prevention of data breaches is available at Privacy hub (SharePoint), including Data breaches, which contains information on how to respond to a data breach.
Mandatory data breach response
UTS is covered by the Mandatory Notification of Data Breach Scheme (MNDB Scheme) under the NSW Privacy and Personal Information Protection Act 1998.
Under this scheme, UTS must notify the NSW Privacy Commissioner and affected individuals if there has been an eligible data breach.
For mandatory notification purposes, an eligible data breach is where a data breach is likely to result in serious harm to the individual the information is about.
Mandatory notification of data breaches may also be required under laws in other jurisdictions, for example, the Privacy Act 1988 (Cwlth), overseas legislation (for example, under the European Union's or China’s privacy laws if relevant to a particular incident), or under a contract.
Public notification of data breaches
UTS is required under the MNDB Scheme to publish and maintain a public notification register.
A notification must be included on this register where UTS is unable, or it is not reasonably practicable, to notify affected individuals of an eligible data breach directly.
Where UTS is able to notify all affected individuals, a notification may be included on this register voluntarily at UTS's discretion in addition to other mandatory notifications.
A notification on this register will remain published for at least 12 months.
UTS public notification register
Incident date:
For the attention of
Further details
Type of breach:
How the breach occurred:
Type of personal information impacted:
Actions UTS has taken or are planned:
Recommended steps for you to take:
Further assistance:
Date notice published:
Link to further content: