Why it’s important

There are benefits for users and creators when we respect privacy and maintain security.


  • Assured that the information they provide is confidential and stored appropriately
  • Know the system they’re using is safe and secure
  • Know how their information will be used by government
  • Easily retrieve the information they provide


  • Build and maintain users’ trust and confidence in the service
  • Aware of their responsibilities for privacy and security when they design a service

How we get there

To respect privacy and maintain security, we need to:

Think ahead
Plan for and design in relevant security, privacy and record keeping requirements upfront instead of leaving them to the end.

Get the right people in the room
Design with privacy, security and legal experts from the outset, where required. Follow advice from the NSW Government Chief Information Security Officer.

Know the data

  • what data is being collected and why
  • how the data is being transmitted
  • where and how the data is stored
  • how the data will be kept
  • how the data may be used and shared
  • how the data will be disposed of

Plan and monitor
Identify security threats. Develop a plan to keep up-to-date about threats and how to deal with them. Monitor for usual, unusual and threat behaviours.

Check, check, check
Do ongoing maintenance reviews to ensure the service is secure. This includes performing penetration tests to check the security of the system.

Maintain appropriate safeguards 
Make sure there’s oversight of the service to ensure appropriate privacy and security safeguards are maintained.

Remember that machines are users too
Protect against machines gaming the system.    

Mandatory bits



Understand and comply with the security requirements for data owned by, licenced or entrusted to an agency

Understand and comply with responsibilities to protect personal information 

Understand and comply with responsibilities for collecting, holding or using health information

Understand and comply with responsibilities for creating, managing, destroying and protecting government records

Understand the requirements for:

  • digital and physical records management
  • information management