IPC Privacy Proactive Regulatory Initiatives Program
Privacy Commissioner’s introduction
The Information and Privacy Commission (IPC) is one of a few independent statutory authorities in NSW. We administer legislation dealing with privacy and access to government held information in NSW.
While our core work is the provision of advices, undertaking reviews and dealing with complaints, the IPC must also identify and respond to risk to improve and promote compliance.
Like any agency, we have finite resources and must target our efforts to make the most of what we have at our disposal. From time to time, the Privacy Commissioner will look to undertake proactive regulatory initiatives to elevate and influence compliance by regulated entities. The outcomes of these completed initiatives will be published for the awareness and learnings of regulated entities.
Sonia Minutillo
NSW Privacy Commissioner
| Our Role |
|---|
The IPC reports to the NSW Parliament. The Privacy Commissioner:
- reviews the performance and decisions of agencies and investigates and conciliates complaints relating to public sector agencies, health service providers (both public and private) and some large organisations that deal with health information.
- has functions which include promoting privacy rights and the adoption of privacy best practice, preparing guidelines, and oversighting the NSW privacy legislation.
- supports agencies and new service delivery models to achieve compliance with privacy rights through risk identification, agency self-audit tool, guidance and advice.
The IPC conducts proactive regulatory compliance initiatives under the Privacy and Personal Information Protection Act 1998 (PPIP Act) and Health Records and Information Privacy Act 2002 (HRIP Act), and can also undertake investigations or inquiries. These proactive regulatory initiatives are a mechanism which assist agencies to elevate their compliance, improve knowledge and understanding of their requirements and functions.
Through our proactive regulatory initiative function we aim to also:
- promote privacy rights in NSW and provide information, advice, assistance and training for agencies and individuals on privacy and access matters
- disseminate information for the purposes of promoting the protection of the privacy
- provide assistance in preparing privacy management plans
- provide guidance about the legislation and relevant developments in the law and technology as it relates to information access and privacy.
| Regulatory Initiatives Calendar |
|---|
Q3 2024-25 – Q1 2025-26
Joint Commissioner Regulatory Desktop review of Agency Information Guides and Privacy Management Plans
The use of technology, in particular Artificial Intelligence (AI) and Automated Decision Making (ADM) has the capacity to impact and effect the information access and privacy rights of individuals. This review is a joint initiative of the Acting Information Commissioner and Privacy Commissioner to understand the extent to which information on the use of ADM or AI by public sector agencies is included in publicly available Agency Information Guides and Privacy Management Plans. The review will focus on the areas of transparency, notification and accountability and supports the Commissioners’ shared regulatory priority of safeguarding rights through informed oversight (Strategic Priority 1). Agencies across the regulated sectors will be included in this baseline review.
View the IPC's compliance audit calendar for information access here.
