Directory Summary

Privacy and Personal Information Protection Act 1998 (NSW) - Level 1

View Legislation

This Act provides for the protection of personal information, and for the protection of the privacy of individuals generally. The Act sets privacy standards applicable for NSW State and Local government agencies and private sector persons and organisations in NSW. Privacy NSW is established by the Act as the Office of the NSW Privacy Commissioner. Under the Act, the University is required to deal with personal information in accordance with the 12 information protection principles (IPPs) prescribed within the Act:

Collection must be
1.Lawful
2.Direct
3.Open
4.Relevant

Storage must be
5.Secure

Access must be
6.Transparent
7.Accessible
8.Correct

Use must be
9.Accurate
10.Limited, and

Disclosure must be
11.Restricted, and
12. Safeguarded.

The University must take steps to ensure that that there is no deliberate and wrongful disclosure of personal information and is also required to develop and implement a Privacy Management Plan. The Act prescribes the contents of the privacy management plan including descriptions of the University's policies and processes for complying with privacy legislation and dealing with privacy matters including those matters relevant for the Health Records Information Privacy Act 2002; and, dissemination strategies for the privacy policies and procedures to the University community.