Checklist - Privacy compliance for public sector agencies

This checklist will assist staff at NSW public sector agencies to comply with the Privacy and Personal Information Protection Act 1998 (PPIP Act) and Health Records and Information Privacy Act 2002 (HRIP Act). Use this checklist when reviewing your privacy practices or designing privacy into new procedures and services.
The privacy checklist
Is my organisation a public sector organisation?
Who is my privacy contact officer?
I have read my agency's Privacy Management Plan?
I have read my agency's information handling policies?
I have refreshed my knowledge of the Information Protection Principles?
I have refreshed my knowledge of the Health Privacy Principles?
Do I really need to collect this information about an individual? What am I going to use it for?
Is the personal or health information accurate and up to date?
When I collect personal information from service users, do I always advise them how it will be held and how it will be used?
Is access to personal or health information limited to those with a strict need to know?
Do the people whose information my agency holds know how to access it?
I understand the process to follow if someone requests access to their personal or health information?
What can I do to ensure that personal information is always held securely? (e.g. not sharing passwords)
Do I know my agency's policy on destroying personal information securely? Am I complying with it?
Other things to remember
Always keep personal and health information secure
When developing a new procedure, consider whether you are over-collecting personal information
Lock your computer when you leave your workspace
Don't post information about workplace colleagues or service users on social media
Visit for further guidance on effective privacy practices
For more information

Contact the Information and Privacy Commission

Freecall: 1800 472 679