Policy - CEO - Executed Instrument of Authorisation to Staff
Read the full document below or download it here: CEO - Executed Instrument of Authorisation to Staff March 2026
Instrument of Authorisation
Government Information (Public Access) Act 2009 (NSW)
Privacy and Personal Information Protection Act 1988 (NSW)
Health Records and Information Privacy Act 2002 (NSW)
State Records Act 1998 (NSW)
I, Emeritus Professor Rosalind Croucher AM, Chief Executive Officer, authorise the exercise and performance of matters arising under, or incidental to the functions, authorities, duties and powers set out in Schedules 1, 2, 3 and 4 to this instrument, to the officers appointed (whether on an ongoing, acting or temporary basis) to the roles set out in those schedules.
This instrument revokes and replaces all previous authorisations.
This instrument authorises the functions, authorities, duties and powers of the Chief Executive Officer under:
-
the Government Information (Public Access) Act 2009 (NSW);
-
the Privacy and Personal Information Protection Act 1998 (NSW);
-
the Public Interest Disclosures Act 2022 (NSW); and
-
the State Records Act 1998 (NSW).
A delegation under this instrument is subject to the following conditions:
- A delegate is not authorised to sub-delegate any of the delegated functions to another person
- A delegation may be temporarily withdrawn by a more senior delegate at any time, provided it is within their area of responsibility. This is to be managed as a local administrative arrangement and must be communicated in writing to relevant delegates.
- Managers have a responsibility to ensure all their staff, particularly those who hold a delegation, are aware of, and understand the powers and limitations of the delegations and the associated responsibilities.
- Delegates found to have exercised a delegation improperly or exceeded the scope of their delegation, may have their delegation(s) revoked without notice, in addition to any other disciplinary action.
In relation to the identification of a delegate, the abbreviations used in this Instrument have the following meanings:
| AC | Assistant Commissioner, Reviews and Compliance |
| DCSBI | Director, Corporate Services and Business Improvement |
| DRAGC | Director, Regulatory Advice and General Counsel |
| MCCA | Manager, Communications and Corporate Affairs |
| MSCS | Manager, Systems and Corporate Services |
| SL | Senior Lawyer |
This instrument takes effect from the date it is executed.
This authorisation will continue until revoked notwithstanding the termination of my office as Chief Executive Officer.
Emeritus Professor Rosalind Croucher AM FAAL
Chief Executive Officer
Date: 24 March 2026
Instrument of Authorisation – Schedule 1
Government Information (Public Access) Act 2009 (NSW)
| Section |
Description |
MSCS |
DCSBI |
SL |
DRAGC |
|---|---|---|---|---|---|
|
s. 6(1)
|
Make government information that is open access information publicly available unless there is an overriding public interest against disclosure of the information |
X |
X |
|
|
|
s. 6(4)
|
Facilitate public access to open access information contained in a record by deleting matter from a copy of the record |
X |
X |
|
|
|
s. 6(5)
|
Keep a record of the open access information that it does not make publicly available on the basis of an overriding public interest against disclosure |
X |
X |
|
|
|
s. 7(1)
|
Make any government information held by the agency publicly available unless there is an overriding public interest against disclosure of the information |
X |
X |
|
|
|
s. 7(3)
|
Review IPC’s program for the release of government information |
X |
X |
|
|
|
ss. 7(4) and 8(5)
|
Facilitate public access to government information contained in a record by deleting matter from a copy of the record to be made publicly available |
X |
X |
|
|
|
s. 8(1)
|
Release government information in response to an informal request unless there is an overriding public interest against disclosure of the information |
X |
X |
|
|
|
s. 16(1)
|
Provide advice and assistance to a person who requests or proposes to request access to government information |
X |
X |
|
|
|
s. 20
|
Make government information publicly available as provided by agency information guide (AIG) |
X |
X |
|
|
|
s. 21
|
Review AIG and adopt a new AIG at least annually |
X |
X |
|
|
|
ss. 25 and 26
|
Keep a record of access applications (Disclosure Log) |
X |
X |
|
|
|
ss. 27-31, 33 and 35
|
Keep a register of government contracts. |
X |
X |
|
|
|
s. 44
|
Transfer an access application |
X |
X |
|
|
|
s. 51
|
Determine whether an access application is valid and send acknowledgment letter |
X |
X |
|
|
|
s. 52(3)
|
Provide advice and assistance to assist an applicant to make an invalid access application valid |
X |
X |
|
|
|
s. 53(2)
|
Undertake reasonable searches for government information in response to an access application. |
X |
X |
X |
X |
|
ss. 54 and 54A
|
Consult with a person or another agency before providing access to information. |
X |
X |
X |
X |
|
s. 55
|
Determining whether there is an overriding public interest against disclosure of information in response to an access application. |
X |
X |
|
|
|
ss. 57-62
|
Decide an access application and provide notice to the applicant of the decision. |
X |
X |
|
|
|
ss. 72-76
|
Provide access to government information in response to an access application. |
X |
X |
|
|
|
ss. 83, 84 and 86
|
Conduct an internal review of a decision on an access application |
|
X |
|
X |
Instrument of Authorisation – Schedule 2
Privacy and Personal Information Protection Act 1998 (NSW)
| Section | Description |
MCCA |
DCSBI |
|---|---|---|---|
|
s. 33(1)
|
Prepare and implement a Privacy Management Plan |
|
X |
|
s. 53
|
Undertake internal review of a privacy complaint |
|
X |
| s. 59E | Receive data breach report and carry out an assessment |
|
X |
| s. 59F | Make reasonable attempts to mitigate harm |
|
X |
| s. 59G | Direct a person to carry out an assessment |
|
X |
|
s. 59J(2)
|
Decide whether a data breach is an eligible data breach |
|
X |
| s. 59N | Notify affected individuals |
|
X |
|
s. 59P
|
Make a public notification and keep a register of public notifications on the agency website |
X |
X |
|
s. 59Q
|
Provide further information to the Privacy Commissioner about an eligible data breach |
|
X |
|
ss. 59W(5) and 59X(3)
|
Notify the Privacy Commissioner if exemption for serious risk of harm to health and safety is applied or exemption for compromised cyber security is applied. |
|
X |
|
s. 59ZD
|
Prepare and publish Data Breach Policy |
|
X |
|
s. 59ZE
|
Prepare and maintain an internal register for eligible data breaches |
|
X |
Instrument of Authorisation – Schedule 3
Public Interest Disclosures Act 2022 (NSW)
| Section | Description |
AC |
DRAGC |
|---|---|---|---|
|
s. 34
|
Referrals of information relating to detrimental action offences |
X |
X |
|
s. 54(2)
|
Consult the Ombudsman or another integrity agency in relation to action or proposed action to deal with a voluntary public interest disclosure. |
X |
X |
|
s. 55 and 56
|
Investigate a voluntary public interest disclosure. |
X |
X |
|
s. 57(3)
|
Consider, consult if required and refer a voluntary public interest disclosure. |
X |
X |
| s. 78 | Provide annual return to the Ombudsman |
X |
X |
Instrument of Authorisation – Schedule 4
State Records Act 1998 (NSW)
| Section |
Description |
MSCS |
DCSBI |
|---|---|---|---|
|
s. 10
|
Ensure that the public office complies with the requirements of this Act and the regulations and that the requirements of this Act and the regulations with respect to State records |
X |
X |
