Data breaches

UTS is committed to promoting a culture of privacy protection. UTS will make all reasonable efforts to limit and prevent data breaches.

On this page

What is a data breach? | Report a suspected data breach | Mandatory data breach response | Public notification of data breaches and public notification register

Related document

Public notification register

What is a data breach?

A data breach is an unauthorised access, disclosure or modification of personal information held by UTS; or a loss of personal information that is likely to result in unauthorised access or disclosure.

In line with the Data Breach Policy, UTS will make all reasonable efforts to identify, limit and prevent data breaches.

Report a suspected data breach

If you suspect something has gone wrong with your personal information, or have identified a data breach, you must report this via email to data.breach@uts.edu.au

Further information on how to respond to and manage a data breach involving personal information is available in the Data Breach Policy and the Privacy Management Plan (PDF).

For staff, further guidance on the prevention of data breaches is available at Privacy hub (SharePoint), including Data breaches, which contains information on how to respond to a data breach.

Mandatory data breach response

UTS is covered by the Mandatory Notification of Data Breach Scheme (MNDB Scheme) under the NSW Privacy and Personal Information Protection Act 1998

Under this scheme, UTS must notify the NSW Privacy Commissioner and affected individuals if there has been an eligible data breach.

For mandatory notification purposes, an eligible data breach is where a data breach is likely to result in serious harm to the individual the information is about.

Mandatory notification of data breaches may also be required under laws in other jurisdictions, for example, the Privacy Act 1988 (Cwlth), overseas legislation (for example, under the European Union's or China’s privacy laws if relevant to a particular incident), or under a contract.

Public notification of data breaches

UTS is required under the MNDB Scheme to publish and maintain a public notification register.

A notification must be included on this register where UTS is unable, or it is not reasonably practicable, to notify affected individuals of an eligible data breach directly.

Where UTS is able to notify all affected individuals, a notification may be included on this register voluntarily at UTS's discretion in addition to other mandatory notifications.

A notification on this register will remain published for at least 12 months.

UTS public notification register

Incident date

For the attention of 

Summary

Further details

Description

Type of breach

How the breach occurred

Type of personal information impacted

Actions UTS has taken or are planned

Recommended steps for you to take

Further assistance

Date notice published

Link to further content

Acknowledgement of Country

UTS acknowledges the Gadigal people of the Eora Nation, the Boorooberongal people of the Dharug Nation, the Bidiagal people and the Gamaygal people, upon whose ancestral lands our university stands. We would also like to pay respect to the Elders both past and present, acknowledging them as the traditional custodians of knowledge for these lands.