Privacy
What is Privacy?
Protecting your personal and health information in NSW is guided by two main laws: the Privacy and Personal Information Protection Act 1998 (PPIP Act) and the Health Records and Information Privacy Act 2002 (HRIP Act). These laws set out how NSW government agencies, including local government, state-owned corporations, universities and some private health providers must handle your information. This includes things like your name, date of birth, address, or medical history. The laws give you rights to see the information held about you, ask for changes if it’s wrong, and make a complaint if you think your privacy has been breached.
If you’re worried about how your information has been used, you can ask the agency or provider to review what happened. You can also contact the Information and Privacy Commission NSW (IPC) for help or to make a complaint. The IPC makes sure agencies follow the rules and respect your privacy. These laws are designed to give you more control over your personal and health information, and help make sure it’s handled in a fair and respectful way.
What is the IPC's role and jurisdiction?
The Information and Privacy Commission NSW (IPC) is an independent statutory authority that administers legislation dealing with privacy and access to government held information in NSW. As part of its regulatory work, the IPC undertakes reviews and complaints in relation to information access and privacy.
The IPC has jurisdiction over NSW government agencies and departments, local councils, NSW universities, NSW state-owned corporations and some private health service providers.
I want to know about...
NSW Privacy Laws
The IPC oversees a number of laws that protect and promote the protection of personal and health information in NSW.
Making a request for personal information
You can make an informal application under both the PPIP Act or HRIP Act, however, most agencies will require authorisation in writing and will ask for proof of identification.
Making a privacy complaint
The IPC provides guidance and resources for individuals seeking to make a complaint to the NSW Privacy Commissioner about their privacy being breached by a NSW public sector agency.
Privacy forms
The Information and Privacy Commission NSW (IPC) has forms to assist you in making a privacy complaint under the PPIP Act.
CCTV on private property
The IPC cannot provide any advice related to individual rights and obligations in relation to surveillance laws. This page provides you with further support on where to receive such advice.
Data breach information and the MNDB Scheme
The Mandatory Notification of Data Breach Scheme (MNDB Scheme) is a mandatory notification requirement under the PPIP Act for NSW public sector agencies in the event of an ‘eligible data breach’.
Data breach support
If you have been affected by a data breach, there are support services available to help. This page provides you with more information on some of the support services you can access.
Essential Guidance Toolkit on information access and privacy fundamentals
This toolkit includes fundamental regulatory guidance to ensure that agencies are able to meet their requirements under NSW information access and privacy legislation.
MNDB Scheme - Information for agencies
The Mandatory Notification of Data Breach (MNDB) Scheme requires agencies to notify the Privacy Commissioner and provide notifications to affected individuals in the event of an 'eligible data breach'.
PPIP & HRIP Compliance Reports
The IPC monitors the compliance of NSW public sector agencies with the PPIP and HRIP Act.
Resources for Public Interest Disclosures
The Public Interest Disclosures Act 2022 (PID Act) provides a system to encourage public officials to report wrongdoings about privacy contraventions.
IPC e-Learning
The IPC's e-Learning portal contains a number of online training modules to provide training across privacy and government information access legislation.
