Privacy obligations in New South Wales

Privacy laws in New South Wales

Protection of privacy is an ever-growing area of concern in the digital age. While there is no current tort for breach of privacy, there are statutory provisions which govern the collection, use and disclosure of private information.

Commonwealth Legislation

Australian Information Commissioner and Privacy CommissionerAngelene Falk and NSW Information Commissione Ms Elizabeth Tydd
Australian Information Commissioner and Privacy Commissioner Angelene Falk (right) and NSW Information Commissioner Elizabeth Tydd (left)

Commonwealth agencies and organisations with an annual turnover of more than $3 million are covered under the Privacy Act 1988 (Cth) (‘the Privacy Act’). Under the Privacy Act, an ‘organisation’ includes a sole trader, body corporate, company, trust and others. It doesn’t cover:

  • state or territory government agencies;
  • an individual acting in their own capacity (including your neighbours);
  • a university, other than a private university and the Australian National University;
  • a public school;
  • in some situations, the handling of employee records by an organisation in relation to current and former employment relationships;
  • a small business operator, unless an exception applies;
  • a media organisation acting in the course of journalism if the organisation is publicly committed to observing published privacy standards; or
  • registered political parties and political representatives.

New South Wales Legislation

State government agencies come under their own State privacy laws. In NSW, this is the Privacy and Personal Information Protection Act 1998 (PPIP Act), and The Health Records Information Privacy Act 2002 (HRIP Act).

The Information and Privacy Commission NSW (IPC) is an independent statutory authority that administers that legislation.

The PPIP Act only covers:

  • state government agencies,
  • local councils,
  • universities, and
  • Ministers and Minister’s offices.

Individuals, corporations, partnerships and trusts aren’t bound by the PPIP Act. This is because if they have a turnover of more than $3 million, they come under the Commonwealth legislation. Some of those persons might also come under the HRIP Act in certain circumstances.

Personal and Health Information

Personal information is any information or an opinion about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion.

Personal information includes:

  • information or an opinion which is part of a database,
  • information or an opinion which may not be recorded in a material form,
  • a written record which may include your name, address and other personal details about you,
  • photographs, images, video or audio footage of individuals, and
  • a person’s fingerprints, blood or DNA samples.

Health information is a type of ‘personal information’ that is information or an opinion about:

  • an individual’s physical or mental health or disability,
  • an individual’s express wishes about the future provision of health services, or
  • a health service provided or to be provided to a person.

Health information also means other personal information:

  • collected to provide or in providing a health service,
  • collected in connection with the donation, or intended donation, of body parts, organs or body substances,
  • that is genetic information about an individual arising from a health service provided in a form that is or could be predictive of the health of the individual or of a genetic relative of the individual, or
  • healthcare identifiers (i.e. usually a number assigned to individuals and healthcare providers).

Privacy laws: The PPIP Act

The PPIP act contains 12 Information Protection Principles (IPPs) which are the key to understanding your privacy rights.

information privacy principles 

Privacy laws: The HRIP Act

The HRIP Act contains 15 Health Privacy Principles (HPPs) which are the legal oblications which NSW Public sector angencies and private sector organisations must abide by when the collect, hold, use and disclose a persons health information.

If you have questions about privacy breaches, contact our lawyers.

+ posts

Recommended articles


O’Brien Criminal & Civil Solicitors
p: 02 9261 4281
a: Level 4, 219-223 Castlereagh St,
Sydney NSW 2000

Scroll to Top