Privacy Laws

Privacy Principles
Two key laws in NSW govern the way the University handles personal information:

  • Privacy and Personal Information Protection Act 1988 (NSW) and
  • Health Records and Information Privacy Act 2002 (NSW)

The Privacy and Personal Information Protection Act 1988 (NSW) contains principles that govern the way we handle personal information, known as the Information Protection Principles.

The Health Records and Information Privacy Act 2002 (NSW) contains principles that govern the way we handle health information, known as the Health Privacy Principles.

These principles are collectively known as the Privacy Principles.

These principles set out legal obligations for the:

  • collection of personal and health information;
  • storage of personal and health information;
  • access to and accuracy of personal and health information;
  • use of personal and health information; and
  • disclosure of personal and health information.

There are also additional Health Privacy Principles concerning:

  • the use of identifiers to protect identity;
  • the right to anonymity in receiving health services;
  • the flow of health information across the NSW border; and
  • the consent to link health records of an individual in a system.

Privacy Act 1988 (Cth)
We also have obligations under the Privacy Act 1988 (Cth) in relation to notifiable data breaches with respect to tax file numbers.

Privacy laws and University Policy
The University's Privacy Policy and Privacy Management Plan set out how we will comply with these laws and the Privacy Principles.