IPC Privacy Proactive Regulatory Initiatives Program

Privacy Commissioner’s introduction

The Information and Privacy Commission (IPC) is one of a few independent statutory authorities in NSW. We administer legislation dealing with privacy and access to government held information in NSW.

While our core work is the provision of advices, undertaking reviews and dealing with complaints, the IPC must also identify and respond to risk to improve and promote compliance.

Like any agency, we have finite resources and must target our efforts to make the most of what we have at our disposal. From time to time, the Privacy Commissioner will look to undertake proactive regulatory initiatives to elevate and influence compliance by regulated entities. The outcomes of these completed initiatives will be published for the awareness and learnings of regulated entities.

Samantha Gavel
NSW Privacy Commissioner

Our Role

The IPC reports to the NSW Parliament. The Privacy Commissioner:

  • reviews the performance and decisions of agencies and investigates and conciliates complaints relating to public sector agencies, health service providers (both public and private) and some large organisations that deal with health information.
  • has functions which include promoting privacy rights and the adoption of privacy best practice, preparing guidelines, and oversighting the NSW privacy legislation.
  • supports agencies and new service delivery models to achieve compliance with privacy rights through risk identification, agency self-audit tool, guidance and advice.

The IPC conducts proactive regulatory compliance initiatives under the Privacy and Personal Information Protection Act 1998 (PPIP Act) and Health Records and Information Privacy Act 2002 (HRIP Act), and can also undertake investigations or inquiries. These proactive regulatory initiatives are a mechanism which assist agencies to elevate their compliance, improve knowledge and understanding of their requirements and functions.

Through our proactive regulatory initiative function we aim to also:

  • promote privacy rights in NSW and provide information, advice, assistance and training for agencies and individuals on privacy and access matters
  • disseminate information for the purposes of promoting the protection of the privacy
  • provide assistance in preparing privacy management plans
  • provide guidance about the legislation and relevant developments in the law and technology as it relates to information access and privacy.
Regulatory Initiatives Calendar

Q2 2022/23

Desktop Audit of Privacy Management Plans (PMP)
This initiative will be a follow up audit of a selection of public sector agencies, councils and universities undertaken in Q2 of 2022/23. It will review the compliance 12 months after the Privacy Commissioner’s 2021 audit report. The focus will remain in relation to the existence and currency of the PMP and the extent to which compliance with providing the PMP to the Privacy Commissioner is occurring. This audit will draw on prior methodology to assess the level of compliance across government agencies, local councils and universities.

View the IPC's compliance audit calendar for information access here.