This page is to help you understand how the privacy legislation protects your personal and health information and how department meets its obligations in respect of this information.
Further information about privacy legislation and its application to the department is detailed in the department's Privacy Management Plan (PDF 552.65KB)
The NSW privacy legislation - the Privacy and Personal Information Protection Act 1998 and the Health Records and Information Act 2002 - imposes specific obligations on the department when handling personal and health information that directly or indirectly identifies a person. These obligations, expressed in 12 Information Protection Principles and 15 Health Privacy Principles, relate to the collection, storage, use, disclosure and alteration of and access to personal and health information.
Modifications to the legislation
Privacy legislation allows for modification of these principles by way of codes of practice, public interest directions and statutory guidelines and regulations. The department's Privacy Code of Practice (PDF 147.28KB) modifies Information Protection Principles as they relate to certain functions of the department. A number of public interest directions made by the Privacy Commissioner also waive or modify the application of these principles to the department. Four statutory guidelines have been developed to explain exceptions to the health privacy principles.
Collection of information
The department collects a significant volume of personal information in the administration and provision of its education, training and community services. The main classes of information collected are employee, student and other stakeholder information including information about parents and carers and information obtained in the course of developing and managing business relationships.
When collecting personal information the department will take reasonable steps to ensure that the person to whom it relates is made aware of certain matters including the purpose for which it is being collected, the intended recipients of the information and the person's right to access and correct the information. In most instances this will be achieved by a issuing a collection notice in connection with the collection.
If you are dissatisfied with the way in which the department has handled your personal or health information you can request an internal review of such conduct. A request must be in writing and addressed to the department using the internal review application form (PDF 178.41KB).
Requests for access to your personal information can be made to the department's Information Access Unit or by completing a privacy application for access form and sending it to the business centre responsible for the information. Contact the Schools and Community Senior Information Officer on 02 7814 1530 for assistance in identifying the business centre you should send the form to.
If you want to amend your own personal or health information you can complete and send a privacy application for amendment form directly to the business centre responsible for the information. Contact the Schools and Community Senior Information Officer on 02 7814 1530 for assistance in identifying the business centre you should send the form to.
Other related information
Privacy Bulletins (PDF 489.58KB) and Legal Issues Bulletins provide guidance to staff in the application of privacy principles. Privacy Bulletins are currently under review and not all are publicly accessible. Links to these bulletins will be provided as soon as the review process is complete.
The Information and Privacy Commission NSW provides support and information to the public and department to ensure the objectives of privacy legislation are achieved. Factsheets and other resources are available from the Information and Privacy Commission website.