Updated Privacy Self-assessment Tool Released


The Information and Privacy Commission (IPC) has today released the revised IPC Privacy Self-assessment Tool following a review and consultation with NSW agencies.

The Privacy Self-assessment Tool enables agencies to assess their systems and policies to ensure their compliance with their privacy requirements under the Privacy and Personal Information Protection Act 1998 (PPIP Act) and the Health Records and Information Privacy Act 2002 (HRIP Act). The revised tool has been designed so that agencies can perform an assessment of their privacy governance maturity while also tracking their progress in improving their privacy practices.

Privacy Commissioner, Ms Samantha Gavel said, “The revised Privacy Self-assessment Tool is an invaluable resource which will greatly assist all NSW agencies in assessing their privacy governance and practices.

“Leaders who recognise the importance of good personal information handling in delivering services and building the trust of their customers, and actively encourage staff to embed privacy in their business processes, will make privacy core to the business and not just a compliance issue.

“With the Mandatory Notification of Data Breach (MNDB) Scheme coming into effect on 28 November 2023, I encourage all agencies to visit the Tool ahead of this date. The revised Privacy Self-assessment Tool provides a comprehensive and holistic mechanism for agencies to assess their privacy maturity and assist them in meeting their compliance requirements under the PPIP and HRIP Acts.”

About the Tools

The IPC Information Governance Self-assessment Tools were first published in 2019 and reviewed in 2023. The revised Tools build upon the previous version and now feature three components that work together to assess, track and plan for governance maturity. The three components include:

  • A Maturity Matrix – a framework that describes the difference areas of practice to be assessed and what maturity looks like at each level
  • A Survey – the survey is used to collect data from various areas of the agency on the nature and effectiveness of their agency’s governance practices
  • A Management Document – this provides a space for agencies to record their level of maturity, as well as plan and track activities to improve maturity.

To assist agencies in navigating the new Tools, the IPC has released a demonstration video outlining each of the components and how to use them effectively.

The Privacy Self-assessment Tool and demonstration video are available for download via the IPC website.


For further information, please contact:

The Manager, Communications and Corporate Affairs on 0435 961 691 or email communications@ipc.nsw.gov.au

About the Information and Privacy Commission:

The Information and Privacy Commission NSW (IPC) is an independent statutory authority that administers New South Wales’ legislation dealing with privacy and access to government information. The IPC supports the Information Commissioner and the Privacy Commissioner in fulfilling their legislative responsibilities and functions and to ensure individuals and agencies can access consistent information, guidance and coordinated training about information access and privacy matters.

About the NSW Privacy Commissioner

Samantha Gavel was appointed as NSW Privacy Commissioner on 4 September 2017. Her role is to promote public awareness and understanding of privacy rights in NSW, as well as provide information, support, advice and assistance to agencies and the general public.

For further information about the IPC visit our website at www.ipc.nsw.gov.au