Fact Sheets, Guidelines and other Resources

Fact Sheets

NEW Consent and Bundled Consent
This fact sheet has been designed to provide guidance to NSW public sector agencies and Health Care Providers in understanding the issue of consent in relation to Privacy laws in NSW.

NEW IPC Privacy Statement of Jurisdiction
This fact sheet has been developed to help citizens understand the IPC's privacy jurisdiction in NSW, how their privacy is protected, and what to do if they think their privacy has been breached.

Access to Health Information: for Health Care Providers
To assist Health Care Providers in understanding their obligations and responsibilities under NSW privacy laws.

NSW Public Sector agencies and the GDPR 
To provide guidance to NSW public sector agencies in understanding the GDPR and in particular the effect for those NSW public sector agencies that offer goods or services to EU citizens

Mandatory Data Breach Notification Scheme
The NDB scheme establishes a mandatory data breach notification scheme that requires organisations covered by the federal Privacy Act to notify individuals likely to be at risk of serious harm due to a data breach.

Reasonably Ascertainable Identity 
This fact sheet offers interpretation and guidance on the meaning of 'reasonably ascertainable identity' as well as practical tips to help users determine if an individual's identity can be 'reasonably ascertained'.

UPDATED Local councils' use of Closed Circuit TV (CCTV)
Local councils in New South Wales have an exemption from provisions under the Privacy and Personal Information Protection Act 1998 (PPIP Act) to use CCTV cameras in public places.

UPDATED Health Privacy Principles (HPPs)
The 15 Health Privacy Principles (HPPs) are the key to the Health Records and Information Privacy Act 2002 (HRIP Act).

Information Protection Principles (IPPs)
The 12 Information Protection Principles (IPPs) are your key to the Privacy and Personal Information Protection Act 1998 (PPIP Act).

UPDATED Developing mobile apps – know the risks
Privacy should be a top priority in the creative process. This checklist has been designed to provide agencies with information about the privacy implications of developing mobile apps.

UPDATED Understanding your privacy obligations – for public sector staff
Under New South Wales privacy laws, public sector agencies and staff in New South Wales are responsible for protecting the privacy of personal information they collect.

Privacy Impact Assessments: An Overview
The PIA Fact Sheet is a quick reference guide to Privacy Impact Assessments and the basic steps of conducting a PIA.

Guides

A Guide to Making Privacy Management Plans
Contains details on the requirements of a plan and helpful questions that public sector agencies can consider when writing one.

Privacy and people with decision-making disabilities
This guide is primarily intended to be used by NSW public sector agencies that handle personal information about adults with decision-making disabilities.

The Privacy Commissioner's Oversight role in internal reviews of privacy complaints
In this guidance document, the Privacy Commissioner's oversight role in internal reviews of privacy complaints is outlined.

Privacy Impact Assessment Guide
This guidance document outlines the benefits of undertaking a Privacy Impact Assessment (PIA) and the basic steps of conducting a PIA.

UPDATED Seeking a Public Interest Direction under NSW privacy laws
This document provides a guide for seeking a Public Interest Direction (PID).

Data Breach Guidance
To provide guidance to NSW public sector agencies on Data Breaches (see new Data Breach Notifications website resources)

Statutory Guidelines

UPDATED Statutory Guidelines on Research - section 27B  

Guidance: Transborder Disclosure Principle – the new section 19(2)
These guidelines and the accompanying checklist are designed to be used by NSW public sector agencies that intend to disclose personal information to a recipient outside of NSW jurisdiction. 

NSW Genetic Health Guidelines
These guidelines accompany the amendments to the Health Records and Information Privacy Act 2002 (HRIP Act) made in early 2012.

Use or disclosure of health information for the management of health services 
Legally binding documents that define the scope of particular exemptions in the HPPs. 

Use or disclosure of health information for training purposes 
Legally binding documents that define the scope of particular exemptions in the HPPs. 

Use or disclosure of health information for research purposes 
See appendix C for HREC report form Word version
Legally binding documents that define the scope of particular exemptions in the HPPs. 

Use or disclosure of information from a third party
Legally binding documents that define the scope of particular exemptions in the HPPs. 

Protocols

Protocol on the preparation and assessment of Privacy Codes of Practice under the PPIP Act and HRIP Act
Issued by the Commissioner

Privacy protocol for handling complaints
Issued by the Commissioner

Forms

Report – Health Research Ethics Committee
Compliance with statutory guidelines on research under the Health Records and Information Privacy Act 2002 (HRIP Act).

Privacy complaint - internal review
Generic form for the use of agencies and the public to request an internal review in relation to a privacy complaint.

Checklist

NEW Consent
This self-assessment checklist has been designed to assist agencies and their staff in the assessment of whether consent is required for the use and disclosure of personal information that the agency has collected and holds in the exercise of its functions.

NEW Preparing a public interest direction or code of practice
A checklist to assist agencies with the process of preparing a public interest direction or code of practice under the PPIP or HRIP Acts. This checklist outlines the preliminary steps an agency should undertake before seeking advice from the IPC.

Privacy for NSW public sector agencies
A comprehensive checklist to assist NSW public sector agency staff to comply with NSW privacy law and embed privacy practices into new procedures and services.

UPDATED Privacy Management Plan assessment checklist
A helpful tool public sector agencies can use to assess existing or draft privacy management plans.

Privacy Internal Review
Internal review checklist for respondent agency.

UPDATED Identifying privacy issues
During preparation of any proposal, a positive answer to any of the following questions will suggest early consultation with your Privacy Contact Officer.

UPDATED Checklist for public sector staff: responding to a request to access health information
Under Schedule 1 Health Privacy Principle 7 of the NSW Health Records and Information Privacy Act 2002 (HRIP Act), individuals have a right to access health information about themselves.