IPC Annual Report 2020/21 released


The Information and Privacy Commission NSW (IPC) CEO, NSW Information Commissioner and Open Data Advocate, Elizabeth Tydd, today released the IPC Annual Report 2020/21 (the Annual Report). It includes a report of the work of the NSW Privacy Commissioner, Samantha Gavel, for the period and her Report on the Operation of the Privacy and Personal Information Protection Act 1998. The Annual Report was tabled in NSW Parliament on 26 October 2021.

Commissioner Tydd noted that the Annual Report demonstrates that the trajectory of growth in the IPC’s work continues to increase.

“In the 10 years since the foundation of the IPC, and 10 years of operation of the Government Information (Public Access) Act, the IPC has seen a consistent growth in applications made to the IPC with 10,309 reviews and complaints received and assessed during that time,” said Commissioner Tydd.

“Over the period we have exercised new statutory functions and continued our year-on-year increase in case volumes. This is expected in an environment where information access and privacy rights are at the forefront of the government’s response to the pandemic together with its increasing reliance upon digital service delivery and decision-making, informed by real-time data.”

In 2020, the Digital Restart Fund Act 2020 (DRF Act) was introduced. Under the Digital Restart Fund (DRF) the responsible Minister is required to consider the advice of both the Information Commissioner and the Privacy Commissioner prior to approving any project receiving financial support from the $2.1B fund.

“The IPC has responded with the provision of advice on 121 discrete projects in the reporting period. This advice requires consideration of technical capabilities, information governance, risks to rights overseen by the IPC and recommendations to mitigate those risks and promote rights. Our expertise has matured, and we have shared our insights with agencies and citizens by publishing effective regulatory advice to ensure in-built rights preserving approaches,” said Commissioner Tydd.

Commissioner Gavel added, “Privacy issues will continue to be a key consideration in the implementation of digital solutions, including those funded under the DRF, by NSW government agencies now and into the future. The IPC is increasingly focusing its guidance on digital service delivery by agencies.”

The Privacy Commissioner experienced a significant increase in the number of voluntary breach notifications made in the reporting period (221 notifications, compared with 79 in the previous reporting period). A significant portion of the increase is attributable to new reporting requirements under section 117 C of the Fines Act 1996 for notifications to the Privacy Commissioner, which came into effect from 1 July 2020. It also reflects a heightened awareness and recognition by agencies of the potential impact of a data breach on personal information.

In 2021, the Attorney General, and Minister for the Prevention of Domestic and Sexual Violence and the Minister for Digital, Minister for Customer Service released a consultation draft bill to establish a Mandatory Notification Data Breach (MNDB) Scheme for NSW agencies.

Commissioner Gavel noted regarding the Scheme, “The benefits of the MNDB Scheme will include increased agency awareness of and responses to data breach incidents, elevation of agency capability to mitigate and manage the risk of data breaches and provision of information to citizens to assist them to reduce their risk of harm following a serious data breach.

“There will be significant work for the IPC in managing the implementation of the MNDB Scheme, once the legislation to support the Scheme has been passed by the Parliament. It will be important to ensure that the IPC has the staff, systems and processes to manage the Scheme and that NSW government agencies have the necessary guidance to assist them to comply with the Scheme when it takes effect.”

Highlights from the IPC’s 2020/21 Annual Report include:

  • an increase of 10% in applications for information access and privacy reviews and complaints
  • finalisation of 850 reviews and complaints, an increase of 4.4% on the 2019/20 reporting period
  • providing 569 information access and privacy advices to support compliance by agencies, a decrease of 1.0% on the 2019/20 reporting period
  • providing 121 advices in the first year of operation to projects seeking funding under the DRF
  • Commissioners provided submissions to 15 reviews and inquiries conducted by government including 6 joint submissions
  • dealing with 3407 enquiries from the public, representing a 22.5% increase on the 2782 dealt with in 2019/20
  • 485,989 page views and a 6.1% increase in unique visitors to ipc.nsw.gov.au
  • improving awareness of privacy and information access rights with the release of 36 new information access, privacy and corporate publications and reviewing 64 existing publications.

Access the IPC Annual Report 2020/21 here.


For further information, please contact:

The Manager, Communications and Corporate Affairs on 0435 961 691 or email communications@ipc.nsw.gov.au

About the Information and Privacy Commission:

The Information and Privacy Commission NSW (IPC) is an independent statutory authority that administers New South Wales’ legislation dealing with privacy and access to government information. The IPC supports the Information Commissioner and the Privacy Commissioner in fulfilling their legislative responsibilities and functions and to ensure individuals and agencies can access consistent information, guidance and coordinated training about information access and privacy matters.

For further information about the Information and Privacy Commission visit our website at www.ipc.nsw.gov.au

About the NSW Information Commissioner 

The NSW Information Commissioner’s statutory role includes promoting public awareness and understanding of the Government Information (Public Access) Act 2009 (GIPA Act); providing information, advice, assistance and training to agencies and the public; dealing with complaints about agencies; investigating agencies’ systems, policies and practices; and reporting on compliance with the GIPA Act.

The Government Information (Information Commissioner) Act 2009 (GIIC Act) establishes the procedures for appointing the Information Commissioner and sets out the Commissioner's powers and functions. It outlines the method for people to complain about the conduct of agencies when undertaking their duties under the GIPA Act, and the way in which the Information Commissioner may deal with the complaint. The GIIC Act also enables the Information Commissioner to investigate and report on how agencies carry out their functions under the GIPA Act.

About the NSW Privacy Commissioner

Samantha Gavel was appointed as NSW Privacy Commissioner on 4 September 2017. Her role is to promote public awareness and understanding of privacy rights in NSW, as well as provide information, support, advice and assistance to agencies and the general public.

Download a copy of the media release here.