A guide to privacy laws in NSW
Available in other languages: |
---|
Arabic دليل قوانين الخصوصية في NSW |
Assyrian نیو ساؤتھ ویلز میں رازداری کے قوانین کے لئے ایک گائیڈ |
Bangla/Bengali NSW মধ্যে গোপনীয়তা আইন একটি নির্দেশিকা |
Chinese NSW 隐私权法指南 |
Greek Οδηγός νόμων προσωπικών δεδομένων στην NSW |
Hindi NSW में गोपनीयता निय मों के लि ए एक निर् देशि का |
Indonesian Pedoman Hukum Privasi di NSW |
Korean NSW의 프라이버시법에 대한 안내 |
Persian راهنمای قوانین حریم خصوصی در NSW |
Vietnamese Hướng dẫn về luật riêng tư NSW |
How do I protect my privacy?
NSW privacy legislation focuses largely on information about you, that is, information that identifies you. In NSW, the Acts address two groups of information – personal information and health information.
What is personal information?
Personal information is any information that identifies you and includes:
- a written record which may include your name, address and other details about you
- photographs, images, video or audio footage
- fingerprints, blood or DNA samples.
What is health information?
Health information is a specific type of ‘personal information’ which may include information about your physical or mental health or disability. It includes:
- personal information you provide to any health organisation
- a health service already provided to you
- a health service that is going to be provided to you
- a health service you have asked to be provided to you
- some personal information for organ donation
- some genetic information about you, your relatives or your descendants
How is my privacy protected in NSW?
In NSW, there are laws that protect your privacy:
The Privacy and Personal Information Protection Act 1998 (PPIP Act):
- protects your privacy rights in NSW by making sure that your personal information is properly collected, stored, used or released by NSW public sector agencies via the Information Protection Principles (IPPs)
- gives you the right to see and ask for changes to be made to your personal or health information
- allows you to make a complaint to the NSW Privacy Commissioner if you believe a NSW public sector agency has misused your personal information or breached one of the IPPs.
The Health Records Information Privacy Act 2002 (HRIP Act):
- protects your privacy rights in NSW by making sure that your personal and health information is properly collected, stored, used or released via the Health Privacy Principles (HPPs)
- gives you the right to see and ask for changes to be made to your personal or health information
- allows you to make a complaint to the NSW Privacy Commissioner if you believe a NSW public sector agency, health organisation or health service provider has misused your personal or health information or breached one of the HPPs.
NOTE: Some NSW public sector agencies may have specific provisions relating to the handling of personal information.
In addition, there are Commonwealth privacy laws that protect the people of NSW when dealing with federal government departments and larger private sector organisations – please see below.
Who do the NSW laws apply to?
The PPIP Act applies to:
- NSW public sector agencies, including local councils and universities.
The HRIP Act applies to:
- NSW public sector agencies, including local councils and universities
- public and private sector health organisations – e.g. a private or public hospital or medical centre
- health service providers – e.g. your GP, dentist, therapist, physiotherapist, chiropractor, optometrist
- a larger-sized business with a turnover of over $3 million that holds health information – e.g. an insurance company
NOTE: Organisations not covered by these laws (e.g. banks, real estate agents, shops or other private sector organisations) may be covered by the federal Privacy Act. Contact the Office of the Australian Privacy Commissioner on 1300 363 992 or visit their website – www.oaic.gov.au.
Tips to help keep your privacy safe
In our daily lives we are often asked to disclose personal information such as names, addresses, signatures, banking details, phone numbers and more. General tips to help safeguard your privacy include:
- you have a right to ask why any information is being collected about you
- never give your personal details to an unknown person or business that does not list a trading address
- keep passwords, PINs and other access codes confidential and secure
- enable privacy settings when using online social media and networking sites (e.g. Facebook, Twitter)
- securely dispose of mail that contains personal details (e.g. shredding).
Who should I contact if I want to review or change my personal or health information?
If you want to access your own health or personal information, you should contact the holder of the information first and ask them how you can do this. This is usually the Privacy Contact Officer at the agency or organisation concerned. Their details should be on the agency’s or organisation’s website.
If you need further information you can also contact us.
How much does it cost and how long should it take to access my personal or health information?
Under the PPIP Act for personal information (NSW public sector agencies only)
If you ask for your personal information under the PPIP Act it should be provided to you free and without excessive delay.
Under the HRIP Act for personal and health information NSW public and private health service providers and those who collect health-related materials (e.g. dentists, physiotherapists)
If you ask for your health or personal information under the HRIP Act it may be free or there may be a charge. When information is provided to you it should be done without undue delay or excessive costs.
If you want to access your own health or personal information, you should contact the holder of the information first and ask them how you can do this.
There may be other important considerations beyond costs and processing times, such as your review rights, how you want access, and whether other information is involved.
What can I do if I think my privacy has been breached?
If you believe a NSW public sector agency or organisation has misused your personal or health information you can:
Under the PPIP Act for personal information (NSW public sector agencies only)
- ask for an internal review from a NSW public sector agency (an investigation must be done if you make such a request)
- complain to the NSW Privacy Commissioner
- if you are not happy with the outcome of the review you have 28 days to apply to the NSW Civil and Administrative Tribunal (NCAT) for a review of the decision.
Under the HRIP Act for personal and health information NSW public and private health service providers and those who collect health-related materials (e.g. dentists, physiotherapists)
- you may be able to ask for an internal review (applies to NSW public health service providers)
- you can complain to the NSW Privacy Commissioner about a private sector provider
- if you are not happy with the result and, if the Privacy Commissioner has written a report, you have 28 days to apply to NCAT for a review of the decision.
The Privacy Commissioner also has the power to accept broad-based privacy complaints.
NOTE: Depending on the circumstances the IPC may not always be able to accept your complaint, however, we can provide guidance regarding other options.
For more information
Contact the Information and Privacy Commission NSW :
Freecall: 1800 472 679
Email: ipcinfo@ipc.nsw.gov.au
Website: www.ipc.nsw.gov.au
How can I make a complaint under the PPIP Act if I think my privacy (non-health information) has been breached?
See flowchart in this fact sheet, page 3. If you are having difficulties reading this document, please contact us on 1800 472 679 and we will provide another format for you.
How can I make a complaint under the HRIP Act if I think my privacy (health information) has been breached?
See flowchart in this fact sheet, page 4. If you are having difficulties reading this document, please contact us on 1800 472 679 and we will provide another format for you.