What are the legislative essentials?
The objectives of the PPIP Act and the HRIP Act are to give individuals confidence that the handling of their personal and health information by NSW public sector agencies is appropriate in all circumstances. Both Acts set the rules to support this.
Personal information is any information that identifies an individual, such as written records which may include an individual’s name and address, photographs, images, video or audio footage.
Health information is any personal information or opinion about an individual’s physical or mental health; health services provided to an individual or to be provided in the future; information collected in connection with organ donation; or other personal information that is genetic information about an individual arising from a health service provided.
The PPIP Act and the HRIP Act outline the responsibilities of agencies, the rights of individuals, and the role and functions of the Privacy Commissioner. At the heart of these are the Information Protection Principles (IPPs) and the Health Privacy Principles (HPPs). They follow the ‘information life cycle’ as agencies collect personal and health-related information, then process, store, and share or dispose of it. The IPPs and HPPs are complemented by other mechanisms including codes of practice, public interest directions (where applicable), privacy management plans and complaints management.
Agencies must comply with these core requirements. The privacy governance framework and the privacy program, which includes the privacy management plan, are the key mechanisms for complying.