Checklist - Privacy for NSW public sector agencies

July 2019

This checklist will help NSW public sector staff comply with the Privacy and Personal Information Protection Act 1998 (PPIP) and the Health Records and Information Privacy Act 2002 (HRIP), and embed privacy practices into new procedures and services.

Assessment questions

Understanding privacy in the agency

1. Is my organisation a NSW public sector agency?
   Status: ☐ YES  ☐ NO
   Comments: If no, you may have obligations under other privacy laws and guidelines.

2. I know who the agency Privacy Contact Officer is?
   Status: ☐ YES  ☐ NO
   Comments: If no, ask your manager or search your intranet.

3. I have read and understood the agency’s Privacy Management Plan?
   Status: ☐ YES  ☐ NO
   Comments: If no, check the agency website.

4. I have read and understood the agency’s information handling policies?
   Status: ☐ YES  ☐ NO
   Comments: If no, access a copy of the policy or refer to the State Records Act 1998.

5. I have read and comply with the agency’s policy on destroying personal and health information?
   Status: ☐ YES  ☐ NO
   Comments: If no, access a copy of the agency’s Privacy Management Plan.

6. I have read and understood the agency’s process for requests to access personal or health information?
   Status: ☐ YES  ☐ NO
   Comments: If no, access a copy of the agency’s Privacy Management Plan.

7. I ensure access to personal and health information within my agency is limited to those with a strict need to know?
   Status: ☐ YES  ☐ NO
   Comments: If no, access a copy of the agency’s Privacy Management Plan.

8. I have read and comply with the agency’s process to ensure personal and health information is always held securely? (e.g. not sharing passwords)
   Status: ☐ YES  ☐ NO
   Comments: If no, access a copy of the agency’s Privacy Management Plan.

9. I always lock my computer when I leave my workspace?
   Status: ☐ YES  ☐ NO
   Comments: If no, use the ALT/CONTROL/DELETE function on your keyboard and choose the lock function.

10. I never post information about workplace colleagues or service users on social media?
    Status: ☐ YES  ☐ NO
    Comments: If no, review the agency Code of Conduct or relevant policy.

Understanding the legal requirements

11. I have refreshed my knowledge of the Information Protection Principles?
    Status: ☐ YES  ☐ NO
    Comments: If no, click on link

12. I have refreshed my knowledge of the Health Privacy Principles?
    Status: ☐ YES  ☐ NO
    Comments: If no, click on link

Collecting personal and health information

13. I collect personal and health information for the right purpose? Do I really need this information and what am I going to use it for?
    Status: ☐ YES  ☐ NO
    Comments: Review points 11 and 12 in this checklist above.

14. I always advise service users how their personal information will be used and held?
    Status: ☐ YES  ☐ NO
    Comments: If no, access a copy of the agency’s Privacy Management Plan.

15. I always advise people I am collecting personal and health information from how they can access agency held information?
    Status: ☐ YES  ☐ NO
    Comments: If no, access a copy of the agency’s Privacy Management Plan.

For more information

Contact the Information and Privacy Commission NSW:

freecall: 1800 472 679
email: ipcinfo@ipc.nsw.gov.au
website: www.ipc.nsw.gov.au