NSW public sector agencies often need to collect, store and use personal and health information to provide services such as transport, health and education. Public sector agencies are legally required to abide by certain principles to ensure privacy is protected.
You must ensure you understand these core requirements.
The Privacy and Personal Information Protection Act 1998 outlines how NSW public sector agencies must manage personal information and the functions of the NSW Privacy Commissioner. This Act applies to all NSW public sector agencies, statutory authorities, universities, local councils and other bodies whose accounts are subject to the Auditor-General's inspection and audit.
The Health Records and Information Privacy Act 2002 outlines how NSW public sector agencies and health service providers manage the health information of members of the NSW public. This Act applies to agencies that are health service providers or that collect, hold or use health information.
This legislative framework is complemented by other mechanisms, including codes of practice, privacy management plans and complaints management protocols.