New South Wales (NSW) public sector agencies often need to collect, store and use your personal and health information to provide you and your family with services such as transport, health and education.
In doing this, they are legally required to abide by Information Protection Principles (IPPs) and Health Privacy Principles (HPPs) to ensure your privacy is protected.
These principles include requirements that information about you must be relevant, accurate and does not intrude upon your personal affairs.
You can view information an agency holds about you by making an application to make sure it is correct.
Privacy can mean many things – from the right to be left alone, to the right to have some control over how your personal or health information is properly collected, stored, used or released.
Privacy can be thought of in different ways, for example:
- Physical privacy – such as bag searching, use of DNA
- Information privacy – the way in which government agencies or organisations handle personal information such as age, address, physical or mental health records
- Freedom from surveillance – the right to go about our daily lives without being intentionally observed or having all our actions caught on camera.
How does NSW legislation view privacy?
The NSW Privacy Commissioner oversees NSW laws that protect your personal information and health information. These laws are the Privacy and Personal Information Protection Act 1998 (PPIP Act) and the Health Records Information Privacy Act 2002 (HRIP Act).
What is personal information?
Section 4 of the PPIP Act defines ‘personal information‘ as:
“Information or an opinion (including information or an opinion forming part of a database and whether or not in a recorded form) about an individual whose identity is apparent or can be reasonably be ascertained from the information or opinion”.
Personal information is information that identifies you. Personal information could be:
- a record which may include your name, address and other details about you
- photographs, images, video or audio footage
- fingerprints, blood or DNA samples.
There are some exemptions from the definition of personal information, for example the definition doesn’t include personal information about a person who has been dead for more than 30 years.
A legal definition of ‘personal information’ is outlined in section 4 of the PPIP Act.
What is health information?
‘Health information’ is a specific type of personal information which may include details about your physical or mental health, or disability. This could be:
- personal information you provide to any health organisation
- your health information held by an organisation that holds health information, for example: an insurer, a gym or a health service you have or will be using
- organ donation information
- some genetic information about you, your relatives or your descendants.
A legal definition of ‘health information’ is outlined in section 6 of the HRIP Act.