Data breaches

Transport is required to manage eligible data breaches in accordance with Part 6A of the Privacy and Personal Information Protection Act 1998 (NSW). Transport has notification obligations where there has been an eligible data breach.

Transport data breach policy 

The Transport Data Breach Policy prescribes the principles and requirements that must be applied by all Transport staff to meet our obligations in the event of a suspected or actual eligible data breach.

View Data Breach Policy (PDF, 232.39 KB)

Sydney Metro data breach policy

The Sydney Metro Data Breach Policy prescribes the principles and requirements that must be applied by all Sydney Metro staff to meet our obligations in the event of a suspected or actual eligible data breach.

View Data Breach Policy (PDF, 230.34 KB)

Public notification register 

There have been no public notifications made for Transport for NSW, Sydney Trains or NSW Trains.