This Act provides for the protection of personal information, and for the protection of the privacy of individuals generally. The Act sets privacy standards applicable for NSW State and Local government agencies and private sector persons and organisations in NSW. Privacy NSW is established by the Act as the Office of the NSW Privacy Commissioner. Under the Act, the University is required to deal with personal information in accordance with the 12 information protection principles (IPPs) prescribed within the Act: Legislation, Standards and Codes may be linked to one or more of the University's compliance frameworks either as the driver of the requirements, or as a component of the framework. The relevant frameworks are listed below.Privacy and Personal Information Protection Act 1998 (NSW) - Level 1
Collection must be
1.Lawful
2.Direct
3.Open
4.Relevant
Storage must be
5.Secure
Access must be
6.Transparent
7.Accessible
8.Correct
Use must be
9.Accurate
10.Limited, and
Disclosure must be
11.Restricted, and
12. Safeguarded.
The University must take steps to ensure that that there is no deliberate and wrongful disclosure of personal information and is also required to develop and implement a Privacy Management Plan. The Act prescribes the contents of the privacy management plan including descriptions of the University's policies and processes for complying with privacy legislation and dealing with privacy matters including those matters relevant for the Health Records Information Privacy Act 2002; and, dissemination strategies for the privacy policies and procedures to the University community.
Relevant Compliance Frameworks
Summary