AustLII Home | Databases | WorldLII | Search | Feedback

Privacy Law and Policy Reporter

Privacy Law and Policy Reporter (PLPR)
You are here:  AustLII >> Databases >> Privacy Law and Policy Reporter >> 2002 >> [2002] PrivLawPRpr 22

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

Puplick, Chris --- "Privacy and freedom of information legislation in NSW" [2002] PrivLawPRpr 22; (2002) 9(1) Privacy Law and Policy Reporter 13

Privacy and freedom of information legislation in NSW

Chris Puplick

This paper was given at an Inter-national Symposium on Freedom of Information and Privacy, Auckland, 28 March 2002, organised by New Zealand Privacy Commissioner Bruce Slane, and is reproduced here by kind permission of the Commissioner and the author. This paper outlines in tabular form the relationship of the two NSW laws and should be read together with Kevin O’Connor’s paper which follows — Associate Editor.

New South Wales was the first State in Australia to pass a comprehensive State personal data privacy law, in the form of the Privacy and Personal Information Protection Act 1998 (PPIPA). Its core is a series of Information Protection Principles (IPPs). It applies the IPPs by law to the public sector. It created the Office of the Privacy Commissioner.

Under PPIPA, government agencies are required to have privacy management plans. If they wish, they can seek to have the application of one or more of the IPPs to their operations varied and adopt a code of practice, which must be drawn up in consultation with the Privacy Commissioner.

The interaction of the access and amendment rights given by PPIPA with those found under the Freedom of Information Act 1989 (FOI Act) are addressed by clear provisions in PPIPA indicating that the relevant IPPs do not override the FOI Act.

The FOI Act has both a privacy objective and a ‘democratic’ objective, encompassing goals of participation, open government and accountability.

The FOI Act does not claim to exclude other means of obtaining access to information. Access to personal information may best be achieved through the more informal and flexible arrangements mandated under PPIPA, but the FOI Act may continue to be the preferred way of dealing with more complex applications where, for example, there is an issue of disclosure of third party or confidential information or mixed personal and non-personal information.

PPIPA and the FOI Act have significantly different enforcement and review provisions. These and other important points of difference are noted in the following table.

To promote ‘openness, accountability and responsibility’ in all public areas and to confer a legal right to access personal information and documents and to request amendments to records of a personal nature that are inaccurate, incomplete, misleading or out of date.
To promote fairness and accuracy in the way that personal information is collected, stored, used, accessed and disclosed and to govern the disclosure of personal information from ‘public registers’.
Applies to
Personal or non-personal information held by NSW government authorities, government ministers, local councils and other public agencies.
Personal information about the individual held by NSW public sector agencies, including local councils and prescribed bodies which are outsourcing data services and personal information in public registers.
Modified by
Not applicable.
Privacy codes of practice may modify, in relation to an agency or class of agencies, the operation of both the IPPs and the public register privacy principles. This includes exemptions from the operation of an IPP, as well as specifying the manner in which the IPP will apply.
Information covered
Documents containing personal and non-personal information, including audio-visual film, tapes and discs.
Personal information, including genetic material, electronic records, video recordings, photographs and biometric information.
Exempt agencies
Exemptions include some or all of the functions of some agencies including: Office of Auditor General; Director of Public Prosecutions; Independent Commission against Corruption; Public Trustee; State Bank of NSW; State Authority Superannuation Board; State Superannuation Investment and Management Corporation; and the NSW Ombudsman.
State-owned corporations; Police Service; Independent Commission Against Corruption; Police Integrity Commission; and the Crime Commission (except in relation to their administrative and educative functions).
Exempt information
NSW government cabinet and executive council documents (excepting those that are factual or statistical and do not disclose deliberations or decisions); documents exempt under Commonwealth or other States’ FOI legislation; documents concerning law enforcement and public safety; documents subject to legal professional privilege or secrecy provisions in other legislation, affecting the personal affairs or business affairs of another person or business and the economy of NSW. Additionally, documents may be subject to a Ministerial Certificate stating that a specific document is exempt and restricted.
Information in publicly available publications and information or an opinion about a person’s suitability for appointment or employment as a public sector official. Several of the IPPs are also declared to be inapplicable if the agency is lawfully authorised or required not to comply with the principle concerned, or if non-compliance is otherwise permitted (or is necessarily implied or reasonably contemplated) under an Act or any other law.
Exempt functions
Judicial functions of courts and tribunals and the investment, complaint handling, investigative and reporting functions of certain agencies.
Some exemptions apply to the law enforcement, investigative and complaints handling activities of certain agencies.
An individual or group of individuals or a corporation or association.
An individual. Third party complaints may not be allowed.
Application or complaints procedure
Application in writing to the agency for access to specified documents held by the agency. The agency must advise in writing within 21 days that the information is available, or if the request has been deferred or refused. This period may be extended by a further 14 days if special circumstances apply, such as the need to consult with a third party. Application fee of $30, processing fee of $30 an hour. Requests for an internal review to be made in writing within 28 days of being told of the agency’s decision. Review application fee of $40.
Complaints about alleged breaches of privacy or applications for access to personal information, preferably in writing, can be made to the agency or the Privacy Commissioner. The agency is obliged to inform an applicant whether they hold personal information about the applicant and give access to it without undue delay or expense.
Under Pt 5, the individual may seek an internal review of the agency’s conduct or decisions regarding an alleged breach of the IPPs, a code of practice, or the public register provisions in Pt 6, or they may make a complaint to the Privacy Commissioner under Pt 4.
If the individual complains under Pt 5, the agency must then conduct an internal review and notify the Privacy Commissioner, and it may request the Commissioner to undertake the internal review on the agency’s behalf.
If the individual makes a complaint to the Commissioner under Pt 4, the Commissioner must attempt to resolve the complaint by conciliation, and, on completion of an investigation, can only make reports and recommendations.
If dissatisfied with the internal review, the applicant may request that the NSW Ombudsman investigate. The Ombudsman can make recommendations but cannot change or reverse a decision.
Alternatively, the applicant may request that the Administrative Decisions Tribunal (ADT) review the agency’s decision. The ADT can make a fresh determination.
The ADT can be used either as an alternative to an external review by the Ombudsman or after the Ombudsman has completed an external review.
Under Pt 5, if the person is dissatisfied by the internal review, or the action taken by the agency as a result, or if the review is not completed within 60 days, the individual can make an application to the ADT for a review of the conduct concerned.
The ADT can recommend that it is in the public interest to give access to a document which has been refused as exempt; the decision of an agency be reconsidered; action be taken to change the agency’s conduct; reasons be given for a decision; or the law or practice be changed.
Any application to the ADT may go to the findings of the agency review or to the action proposed to be taken by the agency. The ADT may decide not to take any action following review. If it considers that action is warranted it may make one or more of the following orders: monetary compensation up to $40,000; restraining order; specific performance order; correction order; remedial steps order; non-disclosure order in the case of public register complaints; and ancillary orders.
Agencies can refuse notification, access or correction rights under s 13 to 15 of PIPA by using an exemption available to that agency under the FOI Act.

Chris Puplick, Privacy Commissioner, New South Wales.

AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback