Consider privacy early and throughout your project to ensure you meet your legal obligations.

Embed privacy from the outset

Embed privacy into service design at the outset of your project.

Comply with privacy legislation and principles

Comply when dealing with personal or health information.

De-identify datasets

De-identify and take steps to avoid re-identification.

What are your privacy obligations?

Under NSW privacy laws, public sector agencies and staff must protect the privacy of personal and health information they collect, store and use. The Privacy and Personal Information Protection Act 1998 relates to protecting personal information about individuals. The Health Records and Information Privacy Act 2002 relates to health information.

Why you need to do this?

We must assure the public that the information we collect from and about them will be secure. This in turn will build their trust and confidence when they use our services and interact with us.

Who's responsible?

Everyone in the team needs to be aware of protecting the privacy of information. Contact your agency's privacy contact officer to understand what you must do.


Information on this web page and linked pages does not constitute legal advice. Users should seek advice from their privacy or legal teams where appropriate.

Last updated