Privacy laws administered by the IPC are as follows:
- Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act)
- PPIP Act - Information Protection Principles
- The Health Records and Information Privacy Act 2002 (NSW) (HRIP Act)
- HRIP Act - Health Privacy Principles
For regulations, statutory guidelines, codes of practice and directions which apply. Visit the legislation section to find out more.
The PPIP Act applies to NSW government agencies including local councils and universities.
The HRIP Act applies to NSW goverment agencies including local councils, universities, public and private sector health organisations, health providers and large businesses.
Organisations not covered by these laws (for example banks, real estate agents, shops or other private sector organisations) may be covered by the Federal Privacy Act. For more information, you can contact the Office of the Australian Information Commissioner on 1300 363 992.
Federal Privacy Act 1988 (Cth)
- Surveillance Devices Act 2007 (NSW)
- Telecommunications (Interception and Access) Act 1979 (Cth)
- Adoption Act 2000(NSW)
- Assisted Reproductive Technology Act 2007(NSW)
- DNA Testing - Crimes (Forensic Procedures) Act 2000 (NSW)
- Criminal Records Act 1991(NSW)
In some cases there will be other laws, policies or standards that we can use to judge whether or not a person's privacy has been breached. Which one applies to a complaint will depend on the circumstances. For example a complaint about the disclosure of a person's criminal record will be assessed against compliance with the Criminal Records Act 1991; a complaint about a search of a bag at the supermarket will be assessed against industry best practice guidelines.
When giving advice or investigating complaints about the handling of personal information by organisations which are not obliged to comply with the PPIP Act or HRIP Act, the Privacy Commissioner NSW follows the data protection principles.
In other cases we will rely on the following general tests as to whether or not a person's privacy has been breached. These tests treat the following as breaches of privacy:
- the intrusion upon a person’s seclusion or solitude, or private affairs
- public disclosure of embarrassing facts about a person
- publicity which places a person in a false light in the public eye
- appropriation of a person’s name or likeness.
In any case if the NSW Privacy Commissioner investigates a privacy complaint and concludes that there has been an interference with or violation of a complainant's privacy, he or she will attempt to resolve the matter by conciliation.