SafeWork NSW privacy statement
In summary, the Information Protection Principles (IPPs) and Health Privacy Principles (HPPs) are:
- We must collect personal and health information only for a lawful purpose directly related to SafeWork NSW’s functions.
- We must collect personal and health information directly from the individual concerned, unless they authorise otherwise.
- We must inform people why their personal and health information is being collected, what it will be used for, who will get it, whether supply is mandatory or voluntary and their right to access and correct it.
- We must ensure that personal and health information is relevant, accurate, is not excessive and does not unreasonably intrude into the personal affairs of people.
We must keep personal and health information no longer than necessary and dispose of it appropriately, protected by reasonable security safeguards and protect it from unauthorised access, use or disclosure.
Access and accuracy
- We must be transparent about the personal and health information we store about people, why we use the information and about the right to access and amend it.
- We must give individuals access to their personal and health information without unreasonable delay and expense.
- We must comply with an individual’s requests to amend their personal and health information to ensure that it is relevant, up to date, complete and not misleading.
- We must take reasonable steps to ensure the accuracy of personal and health information before using it.
- We must use personal and health information only for the purpose for which it was collected or a directly related purpose, for a purpose to which the individual has consented, or where its use is necessary to prevent or lessen a threat to someone’s life or health.
- We may only disclose personal and health information for a purpose directly related to the purpose of collection and where the individual is unlikely to object, or where the individual has been put on notice that information is usually disclosed in this way, or where the disclosure is necessary to prevent or lessen a threat to someone’s life or health.
- We must observe special restrictions by:
- not disclosing personal and health information about a person’s ethnic or racial origin, political opinions, religious or philosophical beliefs, trade union membership, health or sexual activities unless disclosure is necessary to prevent or lessen a threat to life or health, and
- only disclosing personal and health information to individuals or organisations outside New South Wales under approved circumstances
Identifiers and anonymity (only applies to health records)
- We may only assign identifiers to individuals if the assignment of identifiers is reasonably necessary to enable the organisation to carry out any of its functions efficiently, however we do not use unique identifiers for health information, as we do not need them to carry out our functions.
- We must allow people to stay anonymous where it is lawful and practicable.
Transfers and linkage (only applies to health records)
- We do not usually transfer health information outside of NSW.
- We do not currently use a health records linkage system and do not anticipate using one in the future. However if we did, we would not use one without people’s consent.
Other important elements
What exemptions apply?
In certain circumstances SafeWork NSW does not have to comply with one or more of the Information and Protection Principles and Health Privacy Principles.
Generally, SafeWork NSW is not required to comply with certain IPPs and HPPs where this would prevent SafeWork NSW from carrying out its proper functions, such as law enforcement, investigation of suspected illegal conduct and dealing with consumer complaints.
The PPIP Act also regulates the operation of public registers maintained by SafeWork NSW. The Act requires SafeWork NSW to:
- only provide information from those registers if it is satisfied that the information will be used for a purpose which is in accordance with the purpose of the register, and
- provide people with an opportunity to have their personal details held on the register suppressed in exceptional circumstances where the safety or well-being of the person is at risk
Access to personal information
Under the IPPs and HPPs outlined above, SafeWork NSW is required to provide people with sufficient information about SafeWork NSW’s holdings of personal information to enable them to exercise their rights to access and correct information about themselves, and to give people access to personal information about themselves without unreasonable delay and expense.
If you wish to have access to personal information which SafeWork NSW holds about you, you can contact us at email@example.com. SafeWork NSW is not required to give access to personal information if it would compromise SafeWork NSW’s investigative or law enforcement activities.
Alteration of personal information
If SafeWork NSW holds personal information about you, you are entitled to ask SafeWork NSW to alter the information in order to ensure it is accurate. SafeWork NSW generally requires requests for alteration of personal information to be in writing.
SafeWork NSW is not required to alter personal information if it would compromise SafeWork NSW’s investigative or law enforcement activities.
Privacy complaints about the conduct of NSW SafeWork NSW
If you are unhappy with the way SafeWork NSW has dealt with your personal information, you can make a complaint. The complaint should be in writing, addressed to NSW SafeWork NSW, specify a return address within Australia, and be lodged with SafeWork NSW within 6 months of the time when you first became aware of the conduct you are complaining about.
If the complaint concerns a possible breach of the PPIP Act or a Privacy Code of Practice, SafeWork NSW is required to review the conduct complained about. Depending on the review outcome, the PPIP Act provides that SafeWork NSW may:
- take no further action
- offer a remedy such as compensation
- promise that the behaviour will not occur again or
- change its operations to make sure the behaviour will not occur again
If you are not satisfied with the outcome of the review you can apply to the NSW Civil and Administrative Tribunal for a further review of the conduct. The Tribunal has the power to make any orders that it thinks necessary, including the power to award damages of up to $40,000.
Privacy complaints about other persons or bodies
Privacy complaints can also be directed to the Privacy Commissioner, which is within the the Information and Privacy Commission. The Commissioner has powers to conduct research and investigations, provide advice and education, and handle complaints about privacy breaches. The Commissioner does not have power to make orders or to award compensation but will conciliate complaints by assisting parties to reach a decision that all, including the Commissioner, are happy with.