Privacy Resources for Agencies

The IPC has developed a toolkit titled ‘The Essential Guidance Toolkit on information access and privacy fundamentals’, which includes fundamental regulatory guidance to ensure that agencies are able to meet their requirements under NSW information access and privacy legislation. It has been arranged on a functional basis that reflects agency, senior executive and decision-maker responsibilities.

The toolkit is available in different versions for public sector agencies and local government. Download the toolkit below:

Other specific privacy resources are listed under the headings below.

Fact Sheets

NEW Digital projects
This fact sheet provides guidance to agencies on the information access and privacy issues they should consider when designing and implementing a digital project.

Privacy Commissioner’s right of appearance in the NSW Civil and Administrative Tribunal
This fact sheet has been prepared to provide citizens and agencies with information about the Privacy Commissioner's right to appear and be heard in the NSW Civil and Administrative Tribunal in any administrative review of the conduct of a public sector agency under the PPIP Act and HRIP Act, as well as in related proceedings and appeals.

NEW De-identification of personal information
This fact sheet discusses the importance of de-identification and offers practical tips to agencies when de-identifying information.

Privacy by design
Privacy by design ensures that good privacy practices are built into your organisation’s decision-making, as well as the design and structure of your information systems, business processes, products and services.

NEW The PPIP Act: Agency systems, policies and practices
This guidance is provided to assist agencies in the performance of their responsibilities under the Privacy and Personal Information Protection Act 1998 (PPIP Act). It provides suggested actions to improve agency systems, policies and practices that relate to the handling and management of personal information under the PPIP Act.

NEW The Role of the Privacy Commissioner: Consulting the IPC on Initiatives and Projects 
This fact sheet sets out the best practice approach to incorporating privacy and information governance into the design of an initiative or project. 

UPDATED Providing access to health information - guidance for health care providers
To assist Health Care Providers in understanding their obligations and responsibilities under NSW privacy laws.

NSW Public Sector agencies and the GDPR 
To provide guidance to NSW public sector agencies in understanding the GDPR and, in particular, the effect for those NSW public sector agencies that offer goods or services to EU citizens.

Consent and Bundled Consent
This fact sheet has been designed to provide guidance to NSW public sector agencies and Health Care Providers in understanding the issue of consent in relation to privacy laws in NSW.

IPC Privacy Statement of Jurisdiction
This fact sheet has been developed to help citizens understand the IPC's privacy jurisdiction in NSW, how their privacy is protected, and what to do if they think their privacy has been breached.

NSW Public Sector Agencies and notifiable data breaches
The NDB scheme establishes a mandatory data breach notification scheme that requires organisations covered by the federal Privacy Act to notify individuals likely to be at risk of serious harm due to a data breach.

Reasonably Ascertainable Identity 
This fact sheet offers interpretation and guidance on the meaning of 'reasonably ascertainable identity' as well as practical tips to help users determine if an individual's identity can be ‘reasonably ascertained’.

Local councils' use of Closed Circuit TV (CCTV)
Local councils in New South Wales have an exemption from provisions under the Privacy and Personal Information Protection Act 1998 (PPIP Act) to use CCTV cameras in public places.

Health Privacy Principles (HPPs) for agencies
The 15 Health Privacy Principles (HPPs) are the key to the Health Records and Information Privacy Act 2002 (HRIP Act).

Information Protection Principles (IPPs) for agencies
The 12 Information Protection Principles (IPPs) are your key to the Privacy and Personal Information Protection Act 1998 (PPIP Act).

Developing mobile apps – know the risks
Privacy should be a top priority in the creative process. This checklist has been designed to provide agencies with information about the privacy implications of developing mobile apps.

Understanding your privacy obligations – for public sector staff
Under New South Wales privacy laws, public sector agencies and staff in New South Wales are responsible for protecting the privacy of personal information they collect.

Processing requests for personal information
How to process a request for information under the Privacy and Personal Information Protection Act 1998 or the Government Information (Public Access) Act 2009.

Guides

NEW Data Sharing and Privacy
This guidance includes key considerations that public sector agencies should address when considering sharing data.

A Guide to Making Privacy Management Plans
Contains details on the requirements of a plan and helpful questions that public sector agencies can consider when writing one.

Privacy and people with decision-making disabilities
This guide is primarily intended to be used by NSW public sector agencies that handle personal information about adults with decision-making disabilities.

The Privacy Commissioner's Oversight role in internal reviews of privacy complaints
In this guidance document, the Privacy Commissioner's oversight role in internal reviews of privacy complaints is outlined.

Guide to Privacy Impact Assessments
This guidance document outlines the benefits of undertaking a Privacy Impact Assessment (PIA) and the basic steps of conducting a PIA.

Seeking a Public Interest Direction under NSW privacy laws
This document provides a guide for seeking a Public Interest Direction (PID).

Data Breach Guidance for NSW Agencies
To provide guidance to NSW public sector agencies on data breaches (see new Data Breach Notifications website resources).

Guidance on the preparation and assessment of Privacy Codes of Practice under the PPIP Act and HRIP Act
Issued by the Commissioner

Statutory Guidelines

Statutory Guidelines on Research – section 27B

Guidance: Transborder Disclosure Principle – section 19(2)
These guidelines and the accompanying checklist are designed to be used by NSW public sector agencies that intend to disclose personal information to a recipient outside of NSW jurisdiction. 

NSW Genetic Health Guidelines
These guidelines accompany the amendments to the Health Records and Information Privacy Act 2002 (HRIP Act) made in early 2012.

Use or disclosure of health information for the management of health services 
Legally binding documents that define the scope of particular exemptions in the HPPs. 

Use or disclosure of health information for training purposes 
Legally binding documents that define the scope of particular exemptions in the HPPs. 

Use or disclosure of health information for research purposes 
See appendix C for HREC report form Word version
Legally binding documents that define the scope of particular exemptions in the HPPs. 

Collection of health information from a third party
Legally binding documents that define the scope of particular exemptions in the HPPs. 

Protocols

Privacy protocol for handling complaints
Issued by the Commissioner

Forms

Privacy complaint - internal review
Generic form for the use of agencies and the public to request an internal review in relation to a privacy complaint.

Checklist

Consent
This self-assessment checklist has been designed to assist agencies and their staff in the assessment of whether consent is required for the use and disclosure of personal information that the agency has collected and holds in the exercise of its functions.

Preparing a public interest direction or code of practice
A checklist to assist agencies with the process of preparing a public interest direction or code of practice under the PPIP or HRIP Acts. This checklist outlines the preliminary steps an agency should undertake before seeking advice from the IPC.

Privacy for NSW public sector agencies
A comprehensive checklist to assist NSW public sector agency staff to comply with NSW privacy law and embed privacy practices into new procedures and services.

Privacy Management Plan assessment checklist
A helpful tool public sector agencies can use to assess existing or draft privacy management plans.

Privacy Internal Review
Internal review checklist for respondent agency.

Identifying privacy issues
During preparation of any proposal, a positive answer to any of the following questions will suggest early consultation with your Privacy Contact Officer.

Checklist for public sector staff: responding to a request to access health information
Under Schedule 1 Health Privacy Principle 7 of the NSW Health Records and Information Privacy Act 2002 (HRIP Act), individuals have a right to access health information about themselves