A privacy management plan is a strategic planning document in which each public sector agency describes the measures it proposes to take to ensure that it complies with the Privacy and Personal Information Protection Act 1998 (PPIP Act) and the Health Records and Information Privacy Act 2002 (HRIP Act).
Each NSW public sector agency must have a Privacy Management Plan and provide a copy to the NSW Privacy Commissioner. It should also be made publicly available on the agency’s website and made available in other ways on request.
We have written resources to help public sector agencies write and review their privacy management plans:
- A Guide to Making Privacy Management Plans contains details on the requirements of a plan and helpful questions that public sector agencies can consider when developing their plan.
- The privacy management plan assessment checklist is a helpful tool public sector agencies can use to assess existing or draft privacy management plans.
Our office has a privacy management plan in line with this requirement, which is available on our website.