NSW privacy legislation focuses largely on information about you, that is, information that identifies you. In NSW, the Acts address two groups of information – personal information and health information. Personal information is any information that identifies you and includes: Health information is a specific type of ‘personal information’ which may include information about your physical or mental health or disability. It includes: In NSW, there are laws that protect your privacy: NOTE: Some NSW public sector agencies may have specific provisions relating to the handling of personal information. In addition, there are Commonwealth privacy laws that protect the people of NSW when dealing with federal government departments and larger private sector organisations – please see below. NOTE: Organisations not covered by these laws (e.g. banks, real estate agents, shops or other private sector organisations) may be covered by the federal Privacy Act. Contact the Office of the Australian Privacy Commissioner on 1300 363 992 or visit their website – www.oaic.gov.au.
What is health information?
How is my privacy protected in NSW?
The Health Records Information Privacy Act 2002 (HRIP Act):
The HRIP Act applies to:
In our daily lives we are often asked to disclose personal information such as names, addresses, signatures, banking details, phone numbers and more. General tips to help safeguard your privacy include:
- You have a right to ask why any information is being collected about you
- Never give your personal details to an unknown person or business that does not list a trading address
- Keep passwords, PINs and other access codes confidential and secure
- Enable privacy settings when using online social media and networking sites (e.g. Facebook, Twitter)
- Securely dispose of mail that contains personal details (e.g. shredding).
If you want to access your own health or personal information, you should contact the holder of the information first and ask them how you can do this. This is usually the Privacy Contact Officer at the agency or organisation concerned. Their details should be on the agency’s or organisation’s website.
If you need further information you can also contact us.
How much does it cost and how long should it take to access my personal or health information? Under the PPIP Act for personal information (NSW public sector agencies only)If you ask for your personal information under the PPIP Act it should be provided to you free and without excessive delay.
Under the HRIP Act for personal and health information NSW public and private health service providers and those who collect health-related materials (e.g. dentists, physiotherapists)If you ask for your health or personal information under the HRIP Act it may be free or there may be a charge. When information is provided to you it should be done without undue delay or excessive costs.
If you want to access your own health or personal information, you should contact the holder of the information first and ask them how you can do this.
There may be other important considerations beyond costs and processing times, such as your review rights, how you want access, and whether other information is involved.
If you believe a NSW public sector agency or organisation has misused your personal or health information you can:
Under the PPIP Act for personal information (NSW public sector agencies only)- Ask for an internal review from a NSW public sector agency (an investigation must be done if you make such a request)
- Complain to the NSW Privacy Commissioner
- If you are not happy with the result and, if the Privacy Commissioner has written a report, you have 28 days to apply to the NSW Civil and Administrative Tribunal (NCAT) for a review of the decision.
- You may be able to ask for an internal review (applies to NSW public health service providers)
- You can complain to the NSW Privacy Commissioner about a private sector provider
- If you are not happy with the result and, if the Privacy Commissioner has written a report, you can apply to the NSW Civil and Administrative Tribunal (NCAT) for a review of the decision.
The Privacy Commissioner also has the power to accept broad-based privacy complaints.
NOTE: Depending on the circumstances the IPC may not always be able to accept your complaint, however, we can provide guidance regarding other options.
About the IPCThe Information and Privacy Commission (IPC) is an independent statutory authority that administers NSW’s legislation dealing with privacy and access to government information.
Contacting the IPCOur business hours are 9am to 5pm Monday to Friday (excluding public holidays).
Post: GPO Box 7011, Sydney NSW 2001
Freecall: 1800 472 679
Email:
Website: www.ipc.nsw.gov.au
See flowchart in this fact sheet, page 3. If you are having difficulties reading this document, please contact us on 1800 472 679 and we will provide another format for you.
See flowchart in this fact sheet, page 4. If you are having difficulties reading this document, please contact us on 1800 472 679 and we will provide another format for you.