SafeWork privacy management plan
The SafeWork NSW Privacy Management Plan explains how SafeWork NSW manages personal and health information in line with New South Wales (NSW) privacy laws.
1. Privacy Management Plan Overview
1.1 About the Privacy Management Plan
The SafeWork NSW Agency (SafeWork) Privacy Management Plan (Plan) describes what measures SafeWork takes to ensure it effectively manages and protects personal and health information in line with the Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act) and the Health Records and Information Privacy Act 2002 (NSW) (HRIP Act) (the ‘NSW privacy laws’). It is also a requirement for us to have this Plan per section 33 of the PPIP Act.
We are committed to protecting the rights of our customers, staff, and members of the public, as required by the NSW privacy laws. We take these obligations seriously, and this Plan informs you how we comply with the privacy and health principles. This Plan will be reviewed and updated as required to ensure the personal and health information we collect and use is managed appropriately, effectively and in compliance with all applicable privacy laws, and to address any emerging changes in SafeWork's strategic or operational priorities.
This Plan explains who you should contact if you have questions about the information collected and managed by SafeWork; how you can access and amend information stored about you by SafeWork; and what to do if you are concerned that SafeWork may have breached the PPIP or HRIP Acts.
This Plan was last reviewed in 2025-26 and published here on 19th February 2026.
1.2 What the Plan covers
This Plan covers SafeWork’s requirements under section 33(2) of the PPIP Act, including:
- how SafeWork develops its policies and practices to comply with both the PPIP and HRIP Acts,
- how SafeWork disseminates these policies and practices throughout the agency,
- information as to how SafeWork conducts an internal review,
- the procedures and practices used by SafeWork to ensure compliance with its obligations and responsibilities set out in Part 6A of the PPIP Act for the mandatory notification of data breach (‘MNDB’) scheme,
- other information regarding matters which SafeWork considers relevant in respect of privacy and the protection of personal and health information we manage.
The Plan applies to all personal and health information managed by SafeWork. However, it is important to note that this Plan is principles-based and does not cover all situations that may arise.
This Plan also does not cover the following information as it is not personal information for the purposes of section 4 of the PPIP Act:
- information about a person who has been dead for more than 30 years,
- information about someone that is contained in a publicly available document,
- information or opinion about a person’s suitability for employment as a public sector official,
- non-personal information related to the operations, activities, or affairs of a business or organisation,
- information that has been de-identified, so that no person can be identified and the information cannot be considered personal information.
When preparing this Plan, SafeWork has referred to the Privacy Management Plan resources published by the NSW Information and Privacy Commission (IPC) to ensure the Plan complies with the requirements of the privacy legislation. To that end, SafeWork has also sought feedback and recommendations from the IPC directly.
1.3 Definitions
| Term | Definition |
| --- | --- |
| Agency | Has the meaning of a public sector agency as granted by section 3 of the PPIP Act. |
| Collection | Refers to methods SafeWork uses to obtain information such as verbally by phone or in person, online, phone recording, videos (including body worn videos worn by inspectors), photograph or in writing. |
| Disclosure | When SafeWork makes known to an individual or entity personal or health information not previously known to them. |
| Health Information | Health information or an opinion about a person’s physical or mental health or disability, or a person’s express wishes about the future provision of his or her health services or a health service provided or to be provided to a person; see the definition at s. 6 of the HRIP Act. |
| Health Privacy Principles (HPPs) | There are 15 HPPs listed under the HRIP Act which regulate how agencies must deal with health information. More information regarding the HPPs for members of the public can be found at Health Privacy Principles (HPPs) explained for members of the public |
| Information Protection Principles (IPPs) | There are 12 IPPs listed under the PPIP Act which regulate how public sector agencies, including government agencies, local councils and universities, must deal with personal information. More information regarding the IPPs for members of the public can be found at Information protection principles for the public |
| Investigative Agency | In accordance with s. 3 of the PPIP Act and as amended from time to time. Any of the following:
This also includes any other public sector agency with investigative functions if those functions are exercisable under the authority of an Act or statutory rule and the exercise of the functions may result in the agency taking or instituting disciplinary, criminal or formal action or proceedings (section 3 PPIP Act). |
| Law Enforcement Agency | In accordance with s. 3 of the PPIP Act and as amended from time to time. Any of the following:
|
| Management of information | Refers to the systematic process of collecting, storing, organising, maintaining, protecting, and distributing information to ensure it is accurate, accessible, secure, and used effectively to support decision-making, operations, and compliance within SafeWork. |
| Personal information | Personal information or an opinion (including information or an opinion forming part of a database and whether or not recorded in a material form) about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion, including such things as an individual’s fingerprints, retina prints, body samples, or genetic characteristics. Exclusions to the definition of personal information are contained in section 4(3) of the PPIP Act and include health information (see the definition at s4 PPIP Act and s4(3) PPIP Act and s5 of the HRIP Act). |
| Public Register | A lawfully required register where personal information is publicly available. |
| Use | ‘Use’ is different to ‘disclose’. When ‘use’ is referenced, it refers to the way SafeWork handles and deals with information within SafeWork to perform its functions. |