IPC Annual Report 2024–25 tabled in NSW Parliament

The Annual Report of the Information and Privacy Commission NSW (IPC) for 2024–25 was tabled in the Parliament of New South Wales on 30 October 2025. 

As well as reporting on the operations and governance of the IPC, the report provides accountability to the NSW Parliament in respect of the exercise of the oversight and integrity functions of the two independent commissioners the IPC supports: the NSW Information Commissioner and the NSW Privacy Commissioner. 

Highlights from the 2024–25 reporting period include:

• 118 mandatory breach notifications made to the Privacy Commissioner
• 944 information access and privacy reviews and complaints finalised
• 498 information access and privacy advices provided, to support compliance by agencies
• 2,826 enquiries from the public dealt with
• 621,249 page views of the IPC’s website (ipc.nsw.gov.au)
• marking one-year of the Mandatory Notification of Data Breach (MNDB) Scheme and releasing the first MNDB Scheme Trends Report
• releasing the IPC Regulatory Priorities for 2025–28 and updating the IPC Regulatory Framework
• updating the IPC MNDB Self-assessment Tool
• tabling in Parliament the Report on the Operation of the Government Information (Public Access) Act 2009: 2023–24
• celebrating Privacy Awareness Week, 16–22 June 2025
• celebrating Right to Know Week, 23–29 September 2024
• updating and releasing the IPC Stakeholder Engagement Plan 2025–28 and the IPC Strategic Plan Key Performance Indicators
• releasing a new e-Learning module on Privacy Basics for NSW public sector staff
• publishing new Easy English Guides on information access and privacy rights
• releasing translated guidance and developing new information access and privacy pages in over 10 languages.

Looking ahead

In the reporting period, the IPC developed and released its Regulatory Priorities for 2025–28 and updated the IPC Regulatory Framework. The Regulatory Priorities enable the IPC to target its effort and resources towards identified areas of heightened risk, communicate the key issues which the IPC is focusing on and signal to stakeholders where the IPC will focus its regulatory and compliance efforts.

Information Commissioner, Emeritus Professor Rosalind Croucher AM, said, ‘2024–25 was a period of change for the IPC with changes to the Information Commissioner and the appointment of the Privacy Commissioner. As the IPC transitions into a period of stability, the new IPC Regulatory Priorities provide direction for the IPC and set targets for our regulatory action. 

‘Together with the IPC’s Strategic Plan for 2024–28, the IPC is positioned to continue its work to be an effective regulator in 2025–26.’

Privacy Commissioner, Sonia Minutillo, added, ‘The IPC’s Strategic and Regulatory Plans focus on key priority areas related to privacy, including new and emerging technologies, data breaches, privacy governance practices, and education and awareness of Privacy in NSW.

‘Our 2025–26 initiatives will contribute to building privacy maturity and capability across the public sector, embedding robust privacy practices into programs and ensuring agencies are equipped to proactively manage emerging risks. These efforts will enhance the protection of personal information for individuals giving the public greater confidence in how their information is handled and safeguarded.’

Both Commissioners noted that, ‘We are very appreciative of the IPC’s small but dedicated team for working hard during the year to support privacy and transparency in NSW public sector administration. We also acknowledge and commend the efforts of people working across the NSW public sector to champion transparency and privacy within their agencies and to their community stakeholders.’

The IPC Annual Report 2024–25 is available on the IPC website.

ENDS

For further information, please contact:

The Manager, Communications and Corporate Affairs on 0435 961 691 or email communications@ipc.nsw.gov.au

About the Information and Privacy Commission:

The Information and Privacy Commission NSW (IPC) is an independent integrity agency that supports the NSW Information Commissioner and the NSW Privacy Commissioner.  Its vision is that privacy and access to government information are valued and protected in NSW. The Information Commissioner is the chief executive of the Commission. 

About the NSW Information Commissioner 

Emeritus Professor Rosalind Croucher AM was appointed as the Information Commissioner in June 2025. The NSW Information Commissioner’s statutory role includes promoting public awareness and understanding of the Government Information (Public Access) Act 2009 (GIPA Act); providing information, advice, assistance and training to agencies and the public; dealing with complaints about agencies; investigating agencies’ systems, policies and practices; and reporting on compliance with the GIPA Act.

The Government Information (Information Commissioner) Act 2009 (GIIC Act) establishes the procedures for appointing the Information Commissioner and sets out the Commissioner's powers and functions. It outlines the method for people to complain about the conduct of agencies when undertaking their duties under the GIPA Act, and the way in which the Information Commissioner may deal with the complaint. The GIIC Act also enables the Information Commissioner to investigate and report on how agencies carry out their functions under the GIPA Act.

About the NSW Privacy Commissioner

Ms Sonia Minutillo was appointed as the Privacy Commissioner in March 2025. As Privacy Commissioner, her role includes the promotion of public awareness and understanding of privacy rights in NSW, as well as providing information, support, advice and assistance to agencies and the public.

The Privacy Commissioner administers the Privacy and Personal Information Protection Act 1998 (PPIP Act) and the Health Records and Information Privacy Act 2002 (HRIP Act).

For further information about the IPC visit our website at www.ipc.nsw.gov.au