Fact Sheet - State Owned Corporations (SOCs) and your right to government and personal information

This fact sheet appears below or can be viewed and download it here Fact Sheet - State Owned Corporations (SOCs) and your right to government and personal information, updated February 2023

In NSW, the State Owned Corporations Act 1989 has established a number of commercial businesses that are owned by the NSW Government. These businesses are established on behalf of the people of NSW to provide critical services. This fact sheet has been designed to provide citizens in NSW information about how information access and privacy laws apply to State Owned Corporations.

What is a State Owned Corporation?

State Owned Corporations (SOCs) are established under the State Owned Corporations Act 1989 (NSW) (SOC Act) and must comply with the requirements set out in that Act, as well as any other applicable legislation that is relevant to their functions.

There are currently eight statutory SOCs in NSW as listed in Schedule 5 to the SOC Act:

• Essential Energy
• Forestry Corporation of NSW
• Hunter Water
• Port Authority of NSW
• Sydney Water
• Landcom
• Water NSW
• Transport Asset Holding Entity of New South Wales

Each of the eight SOCs are established and governed by their own legislation.

SOCs and your right to government information in NSW

The Government Information (Public Access) Act 2009 (NSW) (GIPA Act) gives citizens a legally enforceable right to access government information[1]. That enforceable right also applies to SOC’s.

Under Schedule 4, Clause 2 of the GIPA Act, SOCs are included in the definition of a “public authority”. This means that SOCs are subject to the GIPA Act.

Government information means any information contained in a record[2] held by the NSW government agency. This can include records of the agency (including SOCs), and your own personal information.

Do all aspects of the GIPA Act apply to SOCs?

Yes, as a public authority SOCs are subject to the provisions of the GIPA Act like other state agencies and are required to give out certain information without the need for a formal access application.

SOCs are required to release open access information and make it publicly available free of charge.[3] SOCs are also authorised to proactively release government information they hold, unless there is an overriding public interest against disclosure.[4]

SOCs can also provide government information to a citizen in response to an informal request, unless there is an overriding public interest against disclosure.[5]

Each SOC will have information about how to access information on their website and details on contacting the SOC if you are unable to locate the information.

Are there any exceptions under the GIPA Act?

Yes, one difference for SOCs relates to the contract register requirements under the GIPA Act. As a SOC is a commercial business owned by NSW, their obligations in relation to access to government information are slightly different from other government agencies in relation to government contracts. In particular, under section 39 of the GIPA Act, SOCs are not required to include information about, or a copy of a government contract in its government contract register, if it relates to activities that the SOC (or its subsidiary) is engaged in where they are competing with other persons in the same market.

However, the general principles of open government information apply to SOCs and they are required to meet GIPA obligations to maintain and advance a system of government that is open, transparent and accountable.[6]

More information about your right to access government information and how to make a request is available in the IPC Fact Sheet Your right to access government information in NSW.

SOCs and the protection of your privacy

In NSW, your privacy is protected under the Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act). In November 2022, amendments passed by the NSW Parliament extend the PPIP Act to SOCs not regulated by the Commonwealth Privacy Act 1998 (Privacy Act). From November 2023, these SOCs are considered to be public sector agencies and are subject to the requirements of the PPIP Act.

The following SOCs will be required to comply with the NSW PPIP Act from November 2023:

• Hunter Water
• Sydney Water
• Landcom
• Water NSW
• Port Authority NSW
• Transport Asset Holding Entity of NSW

These SOCs should follow the 12 Information Protection Principles (IPPs) when dealing with an individual’s personal information. Each SOC will provide citizens with information about how they will deal with any concerns from citizens.

Does the Commonwealth Privacy Act apply to SOCs?

The Privacy Act regulates the way that personal information of individuals is handled at the Commonwealth level. Australian government agencies and organisations as defined in the SOC Act have responsibilities under the Privacy Act. Organisations that are not covered by the PPIP Act may be covered by the Privacy Act.

The following SOCs have identified as being bound by the Privacy Act:

• Essential Energy
• Forestry Corporation of NSW

The Privacy Commissioner does not have jurisdiction over the conduct of SOCs that have identified as being bound by the Privacy Act.

Privacy issues are instead dealt with by the Office of the Australian Information Commissioner (OAIC). For more information, you can contact the OAIC on 1300 363 992 or via its website - https://www.oaic.gov.au/.

What can I do if I think my privacy has been breached?

Each of the eight SOCs have published their own privacy policy that is available on their websites.

If you are concerned that a SOC has not met their privacy obligations under their policy, you may be able to resolve the complaint directly with the SOC through their complaints process.

Amendments to the PPIP Act

In November 2022, the Privacy and Personal Information Protection Amendment Bill was introduced into the NSW Parliament and was passed on 16 November. On 28 November, the bill was assented to and the amendments are to come into effect 12 months following assent, from 28 November 2023.

The object of the bill is to extend the PPIP Act to include SOCs that are not subject to the Privacy Act and to establish a Mandatory Notification of Data Breach Scheme in NSW. SOCs that are not bound by the Privacy Act must comply with their obligations under the PPIP Act.

Contact the Information and Privacy Commission NSW (IPC):

Freecall:           1800 472 679
Email:             ipcinfo@ipc.nsw.gov.au
Website:           www.ipc.nsw.gov.au

NOTE: The information in this fact sheet is to be used as a guide only. Legal advice should be sought in relation to individual circumstances.