Agency Information Guide

The Information and Privacy Commission NSW (IPC) has published its Agency Information Guide (AIG) in accordance with section 20 of the Government Information (Public Access) Act 2009 (GIPA Act). It provides a mechanism to make government information accessible, promote currency of information and appropriate release, and support the management of government information as a strategic asset.

The AIG appears below or can be viewed and downloaded here IPC Agency Information Guide, updated September 2024.

Who is this information for?	For all audiences and anyone seeking information about the Information and Privacy Commission.
Why is this information important to them?	This AIG is provides a mechanism to make government information accessible, promote currency of information and appropriate release, and support the management of government information as a strategic asset.

1. Introduction

The Information and Privacy Commission NSW (IPC) is committed to ensuring the government information it holds can be accessed easily and at the lowest reasonable cost. Given the IPC’s statutory oversight role, we have a focus on and commitment to access to government information. 

The Government Information (Public Access) Act 2009 (GIPA Act) has the object of advancing a system of responsible and representative democratic Government that is open, accountable, fair and effective. Agency Information Guides (AIGs), which are required under the GIPA Act, play an important role in promoting access to information, supporting participation and contributing to open government. 

This AIG is published in accordance with section 20 of the GIPA Act. The purpose of the IPC’s AIG is to provide general information on the:

• structure and functions of the IPC
• ways in which the functions of the IPC, including the decision-making functions, affect members of the public
• specific arrangements in place to enable members of the public to participate in the formulation of IPC policy and the exercise of IPC functions
• kinds of government information held by the IPC
• kinds of government information held by the IPC that is made publicly available
• manner in which the IPC makes or will make government information publicly available
• kinds of information that are (or will be) made publicly available free of charge and those kinds for which a charge is (or will be) imposed.

Where appropriate, links have been provided to documents, reports, data and other information throughout this AIG to assist in navigating the IPC website.

This AIG is reviewed at least every 12 months and is available from the IPC website at www.ipc.nsw.gov.au/agency-information-guide. The IPC values your feedback on this AIG to ensure the highest levels of accessibility are achieved. You can provide feedback via email at ipcinfo@ipc.nsw.gov.au or by phone on 1800 472 679.

2. About the IPC

About the agency

The IPC was established on 1 January 2011 under the Privacy and Government Information Legislation Amendment Act 2010 by merging the Office of the Information Commissioner and Privacy NSW. The Bill established the Information Commissioner as Chief Executive Officer of the IPC. 

The IPC is an independent integrity agency that administers NSW legislation dealing with privacy and access to government information. The IPC supports the Information Commissioner and the Privacy Commissioner in fulfilling their statutory responsibilities and functions to ensure that individuals and agencies can access consistent information, guidance and training on information access and privacy matters.

More information about the IPC is available in the About Us section on the IPC website. 

IPC functions

The IPC was established to provide a single place for agencies and the community to seek information and assistance with information access and privacy rights in NSW. The IPC promotes and protects privacy and information access rights in NSW by:

• providing information, advice, assistance and training for agencies and individuals on privacy and access matters
• reviewing the performance and decisions of agencies under the GIPA Act 
• investigating and conciliating complaints relating to regulated entities
• providing feedback and advice to Government about the legislation and relevant developments in the law and technology.

The IPC takes a proactive regulatory approach and aims to ensure that the IPC and its oversighted entities operate in ways that advance information access and privacy protection in NSW. Further information about the IPC’s regulatory approach is contained in the Regulatory Framework and associated plans and policies.

The operations of the IPC are themselves overseen by the NSW Committee on the Ombudsman, the Law Enforcement Conduct Commission and the Crime Commission.

Information access

The Information Commissioner administers the following legislation:

• Government Information (Public Access) Act 2009 (NSW) (GIPA Act)
• Government Information (Public Access) Regulation 2018 (NSW) (GIPA Regulations), and
• Government Information (Information Commissioner) Act 2009 (NSW) (GIIC Act).

The Information Commissioner has the power to review information access decisions made by other NSW government agencies and make recommendations about those decisions. The Information Commissioner can also deal with complaints about the conduct of agencies in relation to their information access obligations. The Information Commissioner can undertake investigations, monitor agency functions and report to the Ministers administering the above legislation about proposals for legislative or administrative change. The Information Commissioner is also the Chairperson of the Information and Privacy Advisory Committee, established under the Privacy and Personal Information Act 1998 (PPIP Act).

Additionally, the Information Commissioner provides feedback about the legislation and relevant developments in the law and technological change as it impacts on information access. The Information Commissioner is also:

• an integrity agency under the Public Interest Disclosures Act 2022, dealing with reports of serious wrongdoing involving government information contraventions.

Privacy

The Privacy Commissioner administers the following legislation:

• Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act)
• Privacy and Personal Information Protection Regulation 2014 (NSW) (PPIP Regulation)
• Health Records and Information Privacy Act 2002 (NSW) (HRIP Act)
• Health Records and Information Privacy Regulation 2022 (NSW) (HRIP Regulation).

The Privacy Commissioner’s role includes promoting privacy; preparing reports; recommending legislative, administrative or other action in the interests of privacy; and conducting inquiries and investigations into privacy related matters.

The Privacy Commissioner also oversees the conduct of internal reviews by oversighted entities and deals with complaints about privacy related matters. The Privacy Commissioner has the power to receive, investigate and conciliate complaints made against an agency, health service provider or organisation holding health information. The Privacy Commissioner also provides assistance to agencies in adopting and complying with the information protection principles, privacy codes of practice and the mandatory notification of data breach scheme. The Privacy Commissioner reports to the Ministers responsible for the above legislation about proposals for legislative or administrative change. The Privacy Commissioner is also:

• an investigating authority under the Public Interest Disclosures Act 2022, dealing with reports of serious wrongdoing involving privacy contraventions.

Corporate functions and services

The IPC has corporate functions and obligations that it is required to fulfil including the effective and efficient management of:

• finances  
• staff
• procurement  
• assets  
• annual reporting 
• information technology
• legislative compliance 
• corporate governance. 

These functions are conferred on the IPC under a number of Acts. Some of the key Acts include the:

• Government Sector Employment Act 2013 – employment of staff
• Government Information (Public Access) Act 2009 – publication of certain government information and granting access to other information
• Privacy and Personal Information Protection Act 1998 – standards and requirements for collection and use of personal information
• Work Health and Safety Act 2011 – requirements for healthy and safe work practices
• Workplace Injury Management and Workers Compensation Act 1998 – management of injury and return to work
• Government Sector Finance Act 2018 – management and administration of financial affairs and requirements for annual reporting
• Public Interest Disclosures Act 2022 – requirements for dealing with complaints under the Act 

Being a small agency, not all corporate functions and services can be delivered in-house. The IPC receives or procures key corporate services through inter-agency memoranda of understanding. 

3. Organisational structure 

The IPC is a separate agency under Schedule 1 of the Government Sector Employment Act 2013 (GSE Act) and the Information Commissioner is appointed as agency head and is responsible to the relevant Minister or Ministers. As the agency head, the Information Commissioner is responsible for the budget and the general administration of the IPC, including employing and allocating staff to carry out work. 

The NSW Joint Parliamentary Committee on the Ombudsman, the Law Enforcement Conduct Commission and the Crime Commission oversees the operations of the Information Commissioner and Privacy Commissioner. The Information Commissioner reports to the NSW Parliament on the operation of the GIPA Act and the GIIC Act. The Privacy Commissioner reports to the NSW Parliament on the operation of the PPIP Act and the HRIP Act. 

The Information Commissioner is appointed by the NSW Governor under the GIIC Act for a term of up to 5 years and for no more than 2 terms.

The Privacy Commissioner is appointed by the NSW Governor under the PPIP Act, with similar term limits.

Acting Privacy and/or Information Commissioners can also be appointed by the Ministers from time to time.

The IPC has three business units that assist the Information Commissioner and Privacy Commissioners. These units are:

• Business Improvement – strategically informs, shapes and delivers the IPC’s regulatory message to stakeholders, as well as providing HR, IT, procurement and other business services, in conjunction with external providers.
• Legal Counsel and Regulatory Advice – provides legal advice and regulatory advice, reporting and intelligence services to support the IPC and the Commissioners 
• Investigation and Review – delivers the IPC’s and Commissioners’ regulatory and oversight functions to promote compliance with the legislation and support members of the public to access their rights

Each year, the IPC reports on its activities over the course of the year through its Annual Report. See the IPC website for all published Annual Reports to date. 

IPC contact details

For further information, you can contact the IPC using the details below:

Post:                           Information and Privacy Commission, GPO Box 7011, SYDNEY NSW 2001

Email:                         ipcinfo@ipc.nsw.gov.au

Website:                     www.ipc.nsw.gov.au

Telephone:                 1800 472 679 

Media enquiries:       0435 961 691

Media email:              communications@ipc.nsw.gov.au

Office location:         Level 15, McKell Building 2-24 Rawson Place, Haymarket NSW 2000 (Public attendance at the IPC office is available via pre-arranged appointment)

4. How the IPC’s decision-making functions affect members of the public

Through the Commissioners’ review and complaints-handling functions, members of the public may seek resolution of their concerns about the conduct of NSW agencies without participating in a formal process through a court or tribunal. When these oversight and investigation functions are exercised, however, the outcome is advisory only – that is, the NSW public sector agency involved is not required to follow any recommendations of the Commissioners. There is no review of the outcome of the Commissioners’ oversight or investigation to a NSW court or tribunal; rather, there is only review in relation to the decisions of the agency involved. Reviews and complaint-handling is performed generally by officers acting under delegation from the Commissioners.

To provide transparency for members of the public about the exercise of the IPC’s functions, and accountability to the NSW Parliament, the Commissioners each table reports in the NSW Parliament. These reports do not name members of the public, except where these are already published by a court or tribunal. Members of the public may read these reports through the website of the IPC or the NSW Parliament to understand the level of compliance by NSW agencies with their information access and privacy obligations.

Both Commissioners also undertake audits and investigations of agencies from time to time to assess levels of compliance outside the context of a review or complaint from a member of the public. The outcomes of these audits and investigations are generally published, including recommendations made to agencies for improvements.

While some digital search and research tools are used by the IPC in the exercise of audit and investigation powers, the IPC does not use any technology that automates the making of a decision under legislation by either Commissioner.

5. How the IPC engages with the public and its stakeholders

Public participation

The IPC is committed to promoting public participation and establishing arrangements that support members of the public to participate in the formulation of policies and the exercise of its functions. 

The IPC recognises the importance of public involvement in the development of policy and service delivery. Engaging with and maintaining public participation ensures that the needs and expectations of the public are considered in the business of government and can deliver meaningful improvement in policy outcomes and service delivery. 

Throughout the year the IPC looks for opportunities to engage directly with the public, to seek input on its work, in the exercise of its functions and on important issues affecting information access and privacy rights. 

Each year the IPC engages directly with the public through Privacy Awareness Week in May, and Right to Know Week (and International Day for Universal Access to Information) in September. These events are detailed on the IPC Campaigns and Key Events page on the IPC website.

IPC engagement channels

The IPC engages with the public regularly through a number of electronic channels, to provide a fast and easy way for the public to engage, seek assistance or provide feedback. 

When considering any consultation with the NSW community, the IPC takes into consideration what it is asking, why it is asking it, and who it wants to ask. This informs which channel will be used to conduct the consultation or survey. 

The IPC uses its website, social media, email groups and other communication channels to let people know when it is conducting public consultations. The IPC will provide sufficient information to understand the purpose of any public consultation it does.

Surveys

The IPC conducts surveys to obtain the views of its stakeholders to inform the statutory reports of the Commissioners and the IPC’s broader regulatory work. Survey results assist in understanding levels of stakeholder knowledge and awareness of information access and privacy legislation, key themes and trends. This information is used to inform the development of regulatory resources. The IPC proactively publishes the results from the surveys conducted on its website and these results are generally available as part of its reports. 

IPC website

The IPC website is used to provide the public with resources and information about regulatory functions and activities, awareness campaigns, submissions, events, policies, news and developments. Members of the public can use the Contact us section of the website to get in touch and provide feedback on its activities and functions. The website can be accessed at www.ipc.nsw.gov.au.

The IPC website details the release of new information through a number of links, particularly resources on information access and privacy, as well as specific information that was developed or updated as a result of the COVID-19 pandemic. There are landing pages for information access and privacy, with quick links to simplify finding information, including its Compliance Audit Calendar and Privacy Proactive Regulatory Initiatives Calendar. The IPC continues to publish compliance reports for information access and privacy.

Social media

The IPC Facebook account is used to provide information on government information access and privacy matters and raise public awareness about members of the public’s rights under NSW information access and privacy legislation. The IPC Facebook account is also monitored during office hours. Members of the public are able to send direct messages via Facebook, however it is requested that you contact the IPC via its other channels to complete your enquiry.

The IPC LinkedIn account is used to promote and encourage connection with the IPC by other organisations and agencies. Where possible, this channel is used to promote the release of new guidance, events, launches and proactive campaigns for Right to Know Week and Privacy Awareness Week.

The IPC YouTube channel is used to house video content such as animations and recordings of events during IPC campaigns. The channel is used to cross promote video content to other social channels and provides ongoing access to past recorded content.

When engaging with any IPC social media account, all engagement must align with the IPC’s Social Media Terms of Use.

NSW Have Your Say

Have Your Say is a website that enables NSW Government agencies to publicise consultations being conducted throughout the state. The site provides a central place for the public to search via their location and/or by topic to discover consultations that interest them.

It enables them to share their views and ideas on Government plans to improve services, the economy and infrastructure in NSW. We use Have Your Say as an additional channel when we commence a consultation.

Open Data

The IPC receives agency reports containing data on GIPA obligations and these reports are used by the IPC as the basis for the Information Commissioner’s annual Report on the Operation of the Government Information (Public Access) Act 2009, across all agencies and dis-aggregated to the sector level. 

As part of the IPC’s commitment to transparency in government and open data, the online agency-level GIPA data has been made more accessible by publishing it in a form that allows deeper analysis and comparisons.

Information and Privacy Advisory Committee (IPAC)

IPAC is an advisory body, including to the Information Commissioner and the Privacy Commissioner. Members of IPAC are appointed by the NSW Governor from time to time on the recommendation of the portfolio Ministers, from representatives of the public providing opportunity for the community to participate and contribute to the advancement of information access and privacy rights.

Information about IPAC is available via the IPC website.

Feedback and complaints 

The IPC welcomes input and feedback from the public, community organisations and government agencies regarding its services and publications. The IPC receives a range of diverse correspondence and complaints through a variety of channels including via the IPC website, emails, letters, phone calls and social media.

Members of the public are encouraged to provide feedback on IPC services and publications. This feedback is important to the IPC and assists in informing its policies and publications, and improving its services. 

The IPC publishes the results of its client satisfaction surveys annually in its Annual Report. The IPC is committed to responding to feedback and complaints in accordance with the IPC Service Charter.

All feedback and complaints are dealt with confidentially and personal information is managed in accordance with the privacy protection principles in the PPIP Act. Further information about how the IPC handles personal information is available in the IPC Privacy Management Plan.

You can provide feedback by using the contact details contained in section 3 of this document.\

How to provide input on regulatory/oversight activities

As independent integrity agency in respect of NSW information access and privacy legislation, a key part of the IPC’s work is delivered through regulatory and oversight functions and activities. These relate primarily to the review, complaint, data breach reporting, annual reporting, investigative and advisory work of the IPC.

From time to time, the IPC sets priorities under a Regulatory Framework.

The IPC uses a range of approaches to deliver the compliance activities identified as necessary to achieve regulatory objectives and to influence long-term cultural change for better information access by agencies. 

This involves the examination of process and legislative requirements to inform development of regulatory activities and resources. The development of individual regulatory activities creates an opportunity for meaningful engagement with both agencies and members of the public in raising awareness and understanding of the GIPA Act. The engagement is designed to be achieved through the mechanisms outlined in section 4 of this AIG.

Through the review of agency decisions and complaints received, the public plays an important role in informing the Information Commissioner on systemic issues, themes and developing trends.

In addition, the IPC welcomes other feedback from the public on agency compliance, including concerns about accessing information under the GIPA Act.

You can provide feedback by using the contact details contained in section 3 of this document. The IPC also seeks out feedback from the NSW community and its stakeholders on its regulatory activities through its website.

6. Information the IPC holds

The IPC holds a range of information including:

• policy and planning documents
• documents on the internal administration of the agency
• internal working papers of the agency
• documents prepared for submission to the NSW Parliamentary Joint Committee on the Ombudsman, the Law Enforcement Conduct Commission and the Crime Commission
• documents relating to complaints, audits, reviews, data breaches and investigations conducted by the Information Commissioner and the Privacy Commissioner
• correspondence with NSW government agencies
• correspondence with the public
• correspondence with other jurisdictions
• guidelines and directions issued by the Privacy Commissioner and the Information Commissioner
• submissions made by Commissioners to parliamentary and other inquiries
• presentations made by Commissioners to agencies and interest groups
• performance reports and statistics on regulatory and corporate functions
• advice provided by Commissioners to the Minister for Customer Service and Digital Government, and the Attorney General as required under the Digital Restart Fund Act 2020
• information resources for the community, public sector and private sector.

Some of this information can be accessed online at www.ipc.nsw.gov.au. If you find that you are having difficulties reading documents or other material, or if you cannot find the information you are seeking on the website, please contact the IPC using the details contained in section 3 of this document. 

7. How to access the IPC’s information

The IPC keeps records associated with its functions of reviewing agency decisions, providing advice and guidance to the public and regulated entities as well as other non-regulatory functions.

The IPC makes information available under the GIPA Act in four ways:

• as open access information
• through proactive release of information
• through informal access 
• in response to a formal access application.

Open access information

Information which is classified as open access information, is information that the IPC is required to make available. This information is made available unless it is not in the public interest to do so.

Open access information that the IPC makes available is generally via its website free of charge. This freely available information is generally provided through the following publications:

• IPC Annual and Quarterly Reports
• IPC Strategic Plan 
• other documents tabled in Parliament concerning the IPC
• current agency policy documents
• all current privacy and information access guidelines and directions issued by the Privacy Commissioner and the Information Commissioner 
• Register of government contracts
• the IPC’s disclosure log (this guide provides further information about the IPC’s disclosure log)
• this IPC Agency Information Guide.

Proactive release of information

A key intention of the Government Information (Public Access) Act 2009 (GIPA Act) is to encourage proactive public release of government information by NSW public sector agencies. This is one of the major ways to meet the GIPA Act’s broader goal of advancing democratic government that is open, accountable, fair and effective. Further information on the purpose of proactive release can be found in the Fact Sheet - Authorised proactive release of government information

The GIPA Act authorises agencies to release information through proactive release programs which must be reviewed each year.

The IPC reviews its proactive release program each year through the following mechanisms:

• assigning responsibility to a committee to identify government information that can be proactively released
• reviewing presentations and thought leadership articles by the Commissioners and determining whether to proactively release them on the IPC website
• proactively releasing government information as it becomes available e.g. Quarterly Performance Data, GIPA Agency Dashboard, Mandatory Data Breach Statistics
• proactively releasing Media Releases, Statements and Publications relevant to agencies and the public on accessing government information and protecting their privacy
• publishing e-learning modules to assist agencies and the public in understanding information access and privacy concepts, guidelines and principles.

A Register of information that has been released through the IPC’s proactive release program, is published on the IPC website.

Informal access

Members of the public can request information that is not available through the IPC’s website. The IPC will endeavour to respond to these requests informally, and only require a formal access application in limited circumstances. Information provided through informal release is free of charge.

An informal request for access to information can be made by contacting the IPC’s Right to Information Officer – see contact details below. 

Formal access applications

After considering requests to informally access information, applicants who want to submit a formal access application can do so by contacting the Right to Information Officer. The IPC waives the statutory fee for making a formal access application.

To make a formal access application for information held by the IPC, an access application must:

• be in writing and
• sent by email to ipcinfo@ipc.nsw.gov.au; or
• lodged via post to Information and Privacy Commission GPO Box 7011 SYDNEY NSW 2001
• clearly indicate that it is a formal access application made under the GIPA Act
• state the name of the applicant and a postal or email address as the address for correspondence in connection with the application
• provide such information as is reasonably necessary to enable the government information applied for to be identified.

An applicant must disclose on their access application whether they have applied to another agency, at any time, for substantially the same information, and if so, they must identify the agency. However, an application will not be invalid if an applicant fails to make this disclosure.

A GIPA Access Application form for information held by the IPC is available on the IPC website. 

Under section 127, of the GIPA Act, the IPC has exercised its discretion to waive all fees and charges associated with access applications. This supports the object of the GIPA Act, which is intended to facilitate access to government information at the lowest reasonable cost.

Applicants intending to make a formal application are encouraged to consider the impact of the excluded information provisions on the information that they intend to request access to. 

For further assistance, you can contact the IPC’s Right to Information Officer.

Excluded information

The GIPA Act prescribes that some information held by the IPC, which forms part of the complaint handling, review and investigative functions relating to the Information Commissioner and Privacy Commissioner, is excluded information.

This means that there is a conclusive presumption against the release of this information unless the release of the information has been consented to. An access application for this type of excluded information is considered an invalid access application under the GIPA Act. 

Disclosure log

The IPC maintains a disclosure log under section 25 of the GIPA Act which documents the information it releases in response to access applications, and that may be of interest to members of the public.

The disclosure log provides a mechanism to further proactively release information to the public. 

A regular review of the IPC’s disclosure log provides a valuable opportunity to analyse data collected from across the IPC on requests for information and to identify trends and documents that could be released proactively. This allows the IPC to update the AIG to reflect the released information. Increased disclosure of information from the disclosure log allows citizens greater opportunity to participate in the policy formulation and service delivery and identifies trends and documents that could be released proactively. 

The IPC’s Right to Information Officer

The IPC’s Right to Information Officer can be contacted using the details below:

Right to Information Officer, Information and Privacy Commission

Post:                           GPO Box 7011, SYDNEY NSW 2001

Email:                         ipcinfo@ipc.nsw.gov.au

Phone:                        1800 472 679

Business Hours:       Monday to Friday 9am to 5pm (excluding public holidays)

The IPC can be contacted through the National Relay Service (NRS) on 133 677 for anyone with a hearing or speech impairment and through the Translating and Interpreting Service (TIS) on 131 450 for anyone requiring the assistance of an interpreter.