The Office of the Australian Information Commissioner defines privacy as 'a fundamental human right that underpins freedom of association, thought and expression, as well as freedom from discrimination', with information privacy aimed at 'promoting the protection of information that says who we are, what we do and what we believe'.
For nsw.gov.au, where we are handling personal information every day, this means that we are legally obliged to the below:
- The information we collect is done in a lawful, direct, open, and relevant way. We minimise the data we collect by only collecting what we need.
- The Personal Information (PI) we collect is used only for the purpose it was collected for.
- The way we store information is to be in a secure manner, within appropriate retention periods, and archived safely.
- The accuracy of, and access to, our information must be transparent, easy to obtain, and always correct.
All webforms must now use a Privacy Collection Notice
To ensure all webforms on nsw.gov.au are in compliance with the Information Protection Principles (IPP) for agencies of NSW, it is now a requirement for all webforms to have a Privacy Collection Notice. Webforms without a Privacy Collection Notice now cannot be created.
Head over to the article I want to use a Privacy Collection Notice for my form on nsw.gov.au to do this.
Information Protection Principles (IPPs) for Agencies
A more detailed explanation into Information Protection Principles (IPPs) for Agencies can be found on the Information and Privacy Commission's site.
Privacy is the NSW Government’s priority
As NSW has embraced a digital transformation into e-government, this transformation brings about several benefits, as well as some challenges. For example, the new channels and digital services we have implemented present efficiencies and facilitate instantaneous engagement for our citizens, as well as introduce new risks to their personal information. This transformation must therefore be accompanied by e-governance to mitigate these risks, to protect our NSW citizens and businesses in online environments, and to ensure the government remains accountable and transparent to the way information is handled and presented to our citizens.
Furthermore, as cyber threats have rapidly grown in volume and sophistication, with notable attacks such as the 2022 Optus breach, it is clear that privacy responsibilities and data security must be aligned across, and led by, the government, and a coordinated and holistic approach to digital and cyber security implemented. The OneCX program ensures that NSW Agency sites on nsw.gov.au lead the charge in driving this implementation of cyber and data management maturity across the government, and for our citizens.
Your role towards privacy as a NSW Government Agency
As a NSW Government Agency, you are accountable to ensuring that privacy is upheld in every content that exists on your site, and all third-party application/software that it is integrated with. You have an obligation to understand and comply with your Agency’s Governance and Legal Functions, as well as ensuring and managing legal compliance and reporting. For example, citizens must have transparent information to what we will be doing with the data they submit to us, you are only collecting data that you need, and having a data breach response, remedy, and escalation plan in place.
One of the ways you can do this is by upskilling yourself on the various Privacy Collection Notices on nsw.gov.au, and ensure every form on your site is using them. See I want to use a Privacy Collection Notice for my form on nsw.gov.au to download the templates.
Another way is to get yourself privacy ready by considering the following points:
- Review your data collection points. What would the impact be to the citizen, agency, and nsw.gov.au if the data was breached, leaked, or hacked?
- Identify and engage your ICT subject matter expert to set up a cyber safe data storage location for personal, sensitive, or classified data?
- Identify and engage your local/agency privacy advisor. Understanding who your support contacts are is crucial in the discovery phase of the program.
OneCX helps with privacy for agencies on nsw.gov.au
OneCX works with Agencies as an enabler for uplifting privacy in the development, planning, designing and delivery of government information and services on nsw.gov.au. As such, the OneCX platform, and its products and services, deliver on adherence and commitment to the Information and Privacy Commission (IPC), the Privacy and Personal Information Protection Act 1998 (PPIP Act), and the Health Records and Information Privacy Act 2022 (HRIP Act).
Some of the ways we do this is by –
- Having strong governance structures that support assessing, protecting, reporting and managing privacy issues
- Embedding data governance and privacy best practice principles into all program increments, designs and processes
- Providing training and support to ensure all stakeholders are aware of their responsibilities and escalation processes
- Guiding Agency stakeholders on the importance of enhancing public trust in government services in today’s digital environment, with particular focus on respect to citizens’ privacy rights and rights to access government information
- Building sustainable privacy and data governance practices to match the pace of development and innovation in the digital landscape
Upskill yourself in NSW Government privacy
Use the following links to help you learn more about privacy for the NSW Government
Need more support on Privacy for nsw.gov.au?
Request support for Privacy enquiries now and our Privacy team will be in touch to assist you.