Checklist - Privacy for NSW public sector agencies
View the document below or download it here Checklist - Privacy for NSW public sector agencies July 2019
| | Assessment questions | Status | Comments |
|---|---|---|---|
| Understanding privacy in the agency | | | |
| 1 | Is my organisation a NSW public sector agency? | ☐ YES ☐ NO | If no, you may have obligations under other privacy laws and guidelines. |
| 2 | I know who the agency Privacy Contact Officer is? | ☐ YES ☐ NO | If no, ask your manager or search your intranet. |
| 3 | I have read and understood the agency’s Privacy Management Plan? | ☐ YES ☐ NO | If no, check the agency website. |
| 4 | I have read and understood the agency’s information handling policies? | ☐ YES ☐ NO | If no, access a copy of the policy or refer to the State Records Act 1998. |
| 5 | I have read and comply with the agency’s policy on destroying personal and health information? | ☐ YES ☐ NO | If no, access a copy of the agency’s Privacy Management Plan. |
| 6 | I have read and understood the agency’s process for requests to access personal or health information? | ☐ YES ☐ NO | If no, access a copy of the agency’s Privacy Management Plan. |
| 7 | I ensure access to personal and health information within my agency is limited to those with a strict need to know? | ☐ YES ☐ NO | If no, access a copy of the agency’s Privacy Management Plan. |
| 8 | I have read and comply with the agency’s process to ensure personal and health information is always held securely? (e.g. not sharing passwords) | ☐ YES ☐ NO | If no, access a copy of the agency’s Privacy Management Plan. |
| 9 | I always lock my computer when I leave my workspace? | ☐ YES ☐ NO | If no, use function ALT/CONTROL/DELETE on your keyboard and choose the lock function. |
| 10 | I never post information about workplace colleagues or service users on social media? | ☐ YES ☐ NO | If no, review the agency Code of Conduct or relevant policy. |
| Understanding the legal requirements | | | |
| 11 | I have refreshed my knowledge of the Information Protection Principles? | ☐ YES ☐ NO | If no, click on link |
| 12 | I have refreshed my knowledge of the Health Privacy Principles? | ☐ YES ☐ NO | If no, click on link |
| Collecting personal and health information | | | |
| 13 | I collect personal and health information for the right purpose? Do I really need this information and what am I going to use it for? | ☐ YES ☐ NO | Review point 11 and 12 in this checklist above |
| 14 | I always advise service users how their personal information will be used and held? | ☐ YES ☐ NO | If no, access a copy of the agency’s Privacy Management Plan. |
| 15 | I always advise people I am collecting personal and health information from how they can access agency held information? | ☐ YES ☐ NO | If no, access a copy of the agency’s Privacy Management Plan. |

For more information
Contact the Information and Privacy Commission NSW:
freecall: 1800 472 679
email: ipcinfo@ipc.nsw.gov.au
website: www.ipc.nsw.gov.au