Fact Sheets, Guidelines and other Resources

Fact Sheets

NEW IPC Privacy Statement of Jurisdiction
This fact sheet has been developed to help citizens understand the IPC's privacy jurisdiction in NSW, how their privacy is protected, and what to do if they think their privacy has been breached.

Access to Health Information: for Health Care Providers
To assist Health Care Providers in understanding their obligations and responsibilities under NSW privacy laws.

NSW Public Sector agencies and the GDPR 
To provide guidance to NSW public sector agencies in understanding the GDPR and, in particular, its effect on those NSW public sector agencies that offer goods or services to EU citizens.

Mandatory Data Breach Notification Scheme
The NDB scheme is a mandatory data breach notification scheme that requires organisations covered by the federal Privacy Act to notify individuals likely to be at risk of serious harm due to a data breach.

Privacy Settings
When using social media it is crucial to remain vigilant and regularly check your privacy settings to keep your information safe.

Reasonably Ascertainable Identity 
This fact sheet offers interpretation and guidance on the meaning of 'reasonably ascertainable identity' as well as practical tips to help users determine if an individual's identity can be 'reasonably ascertained'.

Local councils' use of Closed Circuit TV (CCTV)
Local councils in New South Wales have an exemption from provisions under the Privacy and Personal Information Protection Act 1998 (PPIP Act) to use CCTV cameras in public places.

Health Privacy Principles (HPPs)
The 15 Health Privacy Principles (HPPs) are the key to the Health Records and Information Privacy Act 2002 (HRIP Act).

Identification (ID) scanning
Did you know there are both state and Commonwealth privacy laws that may apply when someone scans your ID? 

Information Protection Principles (IPPs)
The 12 Information Protection Principles (IPPs) are your key to the Privacy and Personal Information Protection Act 1998 (PPIP Act).

Mobile apps – know the risks
Privacy should be a top priority in the creative process. This checklist has been designed to provide agencies with information about the privacy implications of developing mobile apps.

Understanding your privacy obligations – for public sector staff
Under New South Wales privacy laws, public sector agencies and staff in New South Wales are responsible for protecting the privacy of personal information they collect.

Privacy Impact Assessments: An Overview
The PIA Fact Sheet is a quick reference guide to Privacy Impact Assessments and the basic steps of conducting a PIA.

Guides

A Guide to Making Privacy Management Plans
Contains details on the requirements of a plan and helpful questions that public sector agencies can consider when writing one.

Privacy and people with decision-making disabilities
This guide is primarily intended to be used by NSW public sector agencies that handle personal information about adults with decision-making disabilities.

The Privacy Commissioner's Oversight role in internal reviews of privacy complaints
In this guidance document, the Privacy Commissioner's oversight role in internal reviews of privacy complaints is outlined.

Privacy Impact Assessment Guide
This guidance document outlines the benefits of undertaking a Privacy Impact Assessment (PIA) and the basic steps of conducting a PIA.

Public Interest Directions Guide
This document provides a guide for NSW public sector agencies seeking a Public Interest Direction (PID).

Data Breach Guidance
To provide guidance to NSW public sector agencies on Data Breaches (see new Data Breach Notifications website resources).

Statutory Guidelines

Statutory Guidelines on Research - section 27B  

Guidance: Consent 
Privacy laws in NSW sometimes require an individual’s consent for an activity to occur. This Fact Sheet offers a checklist and guidance on the meaning of ‘consent’ for use and disclosure of personal or health information.

Guidance: Transborder Disclosure Principle – the new section 19(2)
These guidelines and the accompanying checklist are designed to be used by NSW public sector agencies that intend to disclose personal information to a recipient outside of NSW jurisdiction. 

NSW Genetic Health Guidelines
These guidelines accompany the amendments to the Health Records and Information Privacy Act 2002 (HRIP Act) made in early 2012.

Use or disclosure of health information for the management of health services 
Legally binding documents that define the scope of particular exemptions in the HPPs. 

Use or disclosure of health information for training purposes 
Legally binding documents that define the scope of particular exemptions in the HPPs. 

Use or disclosure of health information for research purposes 
See appendix C for HREC report form (Webform/Word version).
Legally binding documents that define the scope of particular exemptions in the HPPs. 

Use or disclosure of information from a third party
Legally binding documents that define the scope of particular exemptions in the HPPs. 

Protocols

Protocol on the preparation and assessment of Privacy Codes of Practice under the PPIP Act and HRIP Act
Issued by the Commissioner

Privacy protocol for handling complaints
Issued by the Commissioner

Forms

Report – Health Research Ethics Committee
Compliance with statutory guidelines on research under the Health Records and Information Privacy Act 2002 (HRIP Act).

Privacy complaint - internal review
Generic form for the use of agencies and the public to request an internal review in relation to a privacy complaint.

Checklist  

Privacy compliance
A comprehensive checklist to assist NSW public sector agency staff to comply with NSW privacy laws.

The privacy management plan assessment checklist
A helpful tool public sector agencies can use to assess existing or draft privacy management plans.

Privacy Internal Review
Internal review checklist for respondent agency.

Identifying privacy issues
During preparation of any proposal, a positive answer to any of the following questions will suggest early consultation with your Privacy Contact Officer.

Checklist for public sector staff: responding to a request to access health information
Under Schedule 1 Health Privacy Principle 7 of the NSW Health Records and Information Privacy Act 2002 (HRIP Act), individuals have a right to access health information about themselves.