Fact sheet - A Guide to protecting your privacy in NSW

Updated May 2024

Who is this information for? This fact sheet is for citizens who are seeking information on their privacy rights in NSW. 
Why is this information important to them? This fact sheet will help citizens to understand how their privacy is protected in NSW, the legislation, and tips for keeping their personal information safe. 

In today’s world of global connectivity and information sharing, privacy is an important issue for everyone. 

In NSW, the Privacy Commissioner assists with resolving complaints, protects and enhances the privacy rights of the NSW community and ensures the privacy principles set out in legislation are upheld.

The Information and Privacy Commission NSW (IPC) is committed to educating people about the meaning and value of privacy in their day-to-day lives. We do this by:

  • advising individuals, government agencies, businesses and other organisations on how to ensure that the right to privacy is protected
  • researching developments in policy, law and technology that may impact on privacy, and making reports and recommendations to relevant authorities
  • answering enquiries and educating the community about privacy issues
  • advising people of possible remedies for breaches of their privacy
  • receiving, investigating and conciliating complaints about breaches of privacy
  • appearing in the NSW Civil and Administrative Tribunal and advising on privacy law in privacy cases
  • overseeing NSW government agency reviews of alleged privacy breaches.

We are responsible for administering the following privacy laws:

Privacy and Personal Information Protection Act 1998

The Privacy and Personal Information Protection Act 1998 (PPIP Act) outlines how NSW public sector agencies, including government agencies, local councils and universities, manage personal information. The PPIP Act allows members of the public to make a complaint about a NSW public sector agency if their personal information is misused. The Privacy Commissioner also has discretion to receive complaints about broader privacy-related matters.

Health Records Information Privacy Act 2002

The Health Records Information Privacy Act 2002 (HRIP Act) promotes fair and responsible handling of health information. The HRIP Act applies to an organisation in NSW that is a health service provider or that collects, holds or uses health information. This includes both public and private sector organisations.[1] Further information about the application of the HRIP Act to private health service providers is available in the Privacy Commissioner’s Statement of Jurisdiction.

What do ‘privacy’ and ‘personal information’ mean?

There is no simple definition of privacy. It can mean the right to a sense of personal freedom, the right to have information about oneself used fairly and a right to be left alone. Many people confuse privacy with secrecy or confidentiality, but privacy is much broader. Personal information is just one aspect of this broader concept of ‘privacy’.

Under NSW privacy law, personal information means any information or opinion about an identifiable person. This includes records containing your name, address, and sex, or physical information such as fingerprints, blood samples or your DNA. Health information is a special category of personal information.

The HRIP Act recognises the importance and sensitivity of health information, and specifically protects dealings with any information relating to your health.

What are the privacy principles?

The PPIP Act contains a set of ‘Information Protection Principles’, which public sector agencies must abide by when they collect, hold, use or disclose your personal or health information.

Likewise, the HRIP Act contains a set of ‘Health Privacy Principles’, which public and private sector organisations must abide by when they collect, hold, use or disclose your health information.

In some circumstances, public sector agencies may be exempt from complying with some or all of the principles of the PPIP and HRIP Acts.

It is best to contact the Privacy Contact Officer in the organisation (this should be listed on the organisation’s website) or the Information and Privacy Commission to find out more information about exemptions under these principles.

For more information about the principles, refer to the following fact sheets on our website:

What to do if you think your privacy has been breached

If your complaint is about your personal or health information and against a NSW public sector agency, you should normally seek an internal review. An internal review is an investigation that the agency is required to conduct when you make a privacy complaint.

If your complaint is about a business, you should contact the Australian Privacy Commissioner at the Office of the Australian Information Commissioner on freecall telephone: 1300 363 992. In general, the NSW Privacy Commissioner does not have the power to deal with complaints regarding businesses.

However, in some cases we can recommend privacy guidelines following an investigation of a complaint involving a small business in NSW.

The NSW Privacy Commissioner can examine whether or not there has been a “violation or interference with” a person’s privacy. Another phrase for this is a “breach of privacy”. Depending on the nature of your complaint, different laws may apply so it is best to check with us for more information.

Tips to help keep your privacy safe

In our daily lives, we are often asked to disclose personal information such as names, addresses, dates of birth, signatures or phone numbers, which form part of our identity.

Here are some tips to help you keep your privacy safe:

  • never give your personal details to a stranger or a business that does not list a trading address
  • keep passwords, PINs and other access codes confidential and secure
  • always enable privacy settings when using online platforms such as social networking sites
  • securely dispose of mail that contains personal details (e.g. shredding). Never put sensitive documents that have your personal details in the recycle bin.

Where else can you go?

Office of the Australian Information Commissioner

Deals with complaints about private health service providers, large businesses, federal government agencies, tax file numbers, consumer credit reporting and federal spent convictions, freecall telephone: 1300 363 992, website: www.oaic.gov.au

Health Care Complaints Commission

Deals with complaints about confidentiality of medical records and conduct of health workers in New South Wales, telephone: 02 9219 7444

NSW Ombudsman

Deals with complaints about the conduct of most NSW public sector agencies, including Family and Community Services, and local governments. However, the NSW Ombudsman cannot investigate complaints about alleged privacy breaches. www.ombo.nsw.gov.au or 1800 451 524.

Telecommunications Industry Ombudsman

Deals with complaints about telephone carriers and service providers, freecall telephone: 1800 062 058, website: www.tio.com.au

Association for Data-driven Marketing and Advertising

Can assist in removing names from mailing lists, telephone: (02) 9277 5410, website: https://www.adma.com.au/regulatory/do-not-mail 

For more information

Contact the Information and Privacy Commission NSW (IPC):

Freecall:           1800 472 679
Email:             ipcinfo@ipc.nsw.gov.au
Website:           www.ipc.nsw.gov.au

NOTE: The information in this fact sheet is to be used as a guide only.
Legal advice should be sought in relation to individual circumstances.

[1] See section 4 HRIP Act for definitions of a health service provider.
