What is the law pertaining to privacy?

NSW privacy legislation focuses largely on information about you, that is, information that identifies you. In NSW, the Acts address two groups of information – personal information and health information.

Personal information is any information that identifies you and includes:

• A written record which may include your name, address and other details about you
• Photographs, images, video or audio footage
• Fingerprints, blood or DNA samples.

Health information is a specific type of ‘personal information’ which may include information about your physical or mental health or disability. It includes:

• Personal information you provide to any health organisation
• A health service already provided to you
• A health service that is going to be provided to you
• A health service you have asked to be provided to you
• Some personal information for organ donation
• Some genetic information about you, your relatives or your descendants.

In NSW, there are laws that protect your privacy:

• Protects your privacy rights in NSW by making sure that your personal information is properly collected, stored, used or released by NSW public sector agencies via the Information Protection Principles (IPPs)
• Gives you the right to see and ask for changes to be made to your personal or health information
• Allows you to make a complaint to the NSW Privacy Commissioner if you believe a NSW public sector agency has misused your personal information or breached one of the IPPs.

• Protects your privacy rights in NSW by making sure that your personal and health information is properly collected, stored, used or released via the Health Privacy Principles (HPPs)
• Gives you the right to see and ask for changes to be made to your personal or health information
• Allows you to make a complaint to the NSW Privacy Commissioner if you believe a NSW public sector agency, health organisation or health service provider has misused your personal or health information or breached one of the HPPs.

NOTE: Some NSW public sector agencies may have specific provisions relating to the handling of personal information. In addition, there are Commonwealth privacy laws that protect the people of NSW when dealing with federal government departments and larger private sector organisations – please see below.

• NSW public sector agencies, including local councils and universities.

• NSW public sector agencies, including local councils and universities
• Public and private sector health organisations – e.g. a private or public hospital or medical centre
• Health service providers – e.g. your GP, dentist, therapist, physiotherapist, chiropractor, optometrist
• A larger-sized business with a turnover of over $3 million that holds health information – e.g. an insurance company.

NOTE: Organisations not covered by these laws (e.g. banks, real estate agents, shops or other private sector organisations) may be covered by the federal Privacy Act. Contact the Office of the Australian Privacy Commissioner on 1300 363 992 or visit their website – www.oaic.gov.au.

In our daily lives we are often asked to disclose personal information such as names, addresses, signatures, banking details, phone numbers and more. General tips to help safeguard your privacy include:

• You have a right to ask why any information is being collected about you
• Never give your personal details to an unknown person or business that does not list a trading address
• Keep passwords, PINs and other access codes confidential and secure
• Enable privacy settings when using online social media and networking sites (e.g. Facebook, Twitter)
• Securely dispose of mail that contains personal details (e.g. shredding).

If you want to access your own health or personal information, you should contact the holder of the information first and ask them how you can do this. This is usually the Privacy Contact Officer at the agency or organisation concerned. Their details should be on the agency’s or organisation’s website. 

If you need further information you can also contact us.

If you ask for your personal information under the PPIP Act it should be provided to you free and without excessive delay.

If you ask for your health or personal information under the HRIP Act it may be free or there may be a charge. When information is provided to you it should be done without undue delay or excessive costs.

If you want to access your own health or personal information, you should contact the holder of the information first and ask them how you can do this.

There may be other important considerations beyond costs and processing times, such as your review rights, how you want access, and whether other information is involved.

If you believe a NSW public sector agency or organisation has misused your personal or health information you can:

• Ask for an internal review from a NSW public sector agency (an investigation must be done if you make such a request)
• Complain to the NSW Privacy Commissioner
• If you are not happy with the result and, if the Privacy Commissioner has written a report, you have 28 days to apply to the NSW Civil and Administrative Tribunal (NCAT) for a review of the decision.

• You may be able to ask for an internal review (applies to NSW public health service providers)
• You can complain to the NSW Privacy Commissioner about a private sector provider
• If you are not happy with the result and, if the Privacy Commissioner has written a report, you can apply to the NSW Civil and Administrative Tribunal (NCAT) for a review of the decision.

The Privacy Commissioner also has the power to accept broad-based privacy complaints.

NOTE: Depending on the circumstances the IPC may not always be able to accept your complaint, however, we can provide guidance regarding other options.

The Information and Privacy Commission (IPC) is an independent statutory authority that administers NSW’s legislation dealing with privacy and access to government information.

Our business hours are 9am to 5pm Monday to Friday (excluding public holidays).
Post: GPO Box 7011, Sydney NSW 2001

Freecall:            1800 472 679
Email:              
Website:           www.ipc.nsw.gov.au 

See flowchart in this fact sheet, page 3. If you are having difficulties reading this document, please contact us on 1800 472 679 and we will provide another format for you.

See flowchart in this fact sheet, page 4. If you are having difficulties reading this document, please contact us on 1800 472 679 and we will provide another format for you.