About SafeWork NSW

On this page

• 2.1 Who we are and what we do
• 2.2  Promoting the Plan
  • 2.2.1 People leaders
  • 2.2.2 All staff
  • 2.2.2.1 Personal Liability
  • 2.2.3 Inspectors
  • 2.2.4 Privacy responsibilities
  • 2.2.5 Public awareness
  • 2.2.6 Policies and practices
  • 2.2.7 Monitoring, evaluation and continuous improvement
  • 2.2.8 Privacy by design
  • 2.2.9 Emerging technologies

2.1 Who we are and what we do

On 1 July 2025, SafeWork was established as an executive agency related to the Department of Customer Service (DCS). DCS will continue to provide some corporate service functions to SafeWork under formal agreement, but SafeWork has its own head of agency.

SafeWork will be led by the SafeWork Commissioner who will report directly to the Minister for Work Health and Safety.

In this Plan, ‘we’, ‘us’ or ‘our’ refers to SafeWork.

‘You’ or ‘your’ refers to the reader as an individual.

SafeWork is responsible for securing the health, safety and welfare of workers in NSW. It acts to prevent work related injuries, promote the development of healthy and safe workplaces, investigate workplace incidents and assist injured workers to return to work. SafeWork’s main statutory functions are to administer and/or ensure compliance with the following legislation:

• Work Health and Safety Act 2011 (WHS Act)
• Work Health and Safety Regulation 2025 (WHS Regulation 2025)
• Dangerous Goods (Road and Rail Transport) Act 2008
• Dangerous Goods (Road and Rail Transport) Regulation 2014
• Explosives Act 2003
• Explosives Regulation 2013
• Workers Compensation Act 1987
• Workplace Injury Management and Workers Compensation Act 1998

These laws govern workplace safety, injury and disease prevention as well as handling dangerous goods and explosives. SafeWork’s full functions are set out in section 152 of the WHS Act. Other laws that impact on the way we handle personal, and health information are located in the Appendices at the end of this Plan.

We do this by:

• providing advice on improving work health and safety to help stop workplace injuries and deaths
• providing assistance and support programs to businesses or people carrying out a business
• providing licensing and registration for potentially dangerous work
• enforcing NSW work health and safety laws and policies, and
• appointing inspectors to:
  • provide information and advice about compliance with the WHS Act and WHS Regulation 2025
  • assist in the resolution of work health and safety issues at workplaces
  • review disputed provisional improvement notices
  • investigate contraventions of the WHS Act and WHS Regulation 2025 and assist in the prosecution of offences
  • require compliance with the WHS Act through the issuing of notices, and
  • attend coronial inquests in relation to work-related deaths and examine witnesses.

The State Insurance Regulatory Authority (SIRA) also authorises these inspectors to exercise powers under the  Workplace Injury Management and Workers Compensation Act 1998. These powers include issuing improvement notices, exercising powers of entry, and exercising powers to obtain information and documents in relation to compliance with workers compensation legislation in NSW.

2.2  Promoting the Plan

2.2.1 People leaders

The SafeWork people leaders are committed to transparency and accountability about how we comply with the PPIP Act and HRIP Act, which is reinforced by:

• promoting this Plan,
• ensuring all staff are aware of and trained in sound privacy management practices,
• identifying privacy issues when implementing new systems or establishing new projects.

2.2.2 All staff

We ensure our staff are aware of this Plan and how it applies to the work they do by:

• writing this Plan in a practical way so our staff can understand what their privacy obligations are,
• promoting the awareness of this Plan for new staff,
• annual mandatory privacy training,
• making it available in a prominent place on our internal intranet, and
• highlighting the Plan at least once a year (for example, during Privacy Awareness Week).

We also use this Plan when training staff to ensure they understand their privacy obligations and how they are to manage personal and health information. This allows our staff to identify their privacy knowledge gaps and provides helpful resources and contacts to ensure they can rectify these and uphold the agency’s commitment to achieving best privacy practice. When staff members have questions about how to manage personal and health information under the Plan, they may consult their people leader or the privacy team.

2.2.2.1 Personal Liability

It is a criminal offence, punishable by up to two years’ imprisonment, an $11,000 fine (or both), for any person employed or engaged by SafeWork (including former employees and contractors) to intentionally use or disclose any personal information or health information about another person, to which the employee or contractor has or had access in the exercise of their official functions, except in connection with the lawful exercise of their official functions.

It is also a criminal offence, punishable by up to an $11,000 fine for any person employed or engaged by SafeWork to interfere with a customer’s right to access their health information or persuade a customer to withdraw a complaint.

2.2.3 Inspectors

SafeWork inspectors have a wide range of responsibilities in helping to ensure that employers and workplaces are meeting their work health and safety, workers compensation and return to work responsibilities. Inspectors have been given a broad range of statutory powers to enable them to fulfill these functions, including powers to require the production of documents or other information, to inspect documents and make recordings of these, and to issue and execute search warrants.

In exercising these powers inspectors will have regard to the IPPs and HPPs and will comply with each of the principles unless, in the particular circumstances, compliance with that principle is not required or exempt under the legislation. Inspectors have Work Health and Safety Documented Operations Manuals which guide and underpin operations of SafeWork.

2.2.4 Privacy responsibilities

SafeWork’s Privacy Function ensures the ongoing training and education of SafeWork staff members and inspectors (including any third-party service providers or consultants) about their obligations under the PPIP Act and HRIP Act including:

• awareness of the privacy principles in the NSW privacy laws and working to ensure compliance with them
• ensuring this Plan remains up to date
• making a copy of this Plan available to all current and incoming staff, and contractors
• ensuring relevant privacy documents are consolidated and made available through the SafeWork intranet and website
• conducting or arranging staff training sessions on privacy matters as required
• provide advice on privacy by design including how to undertake a privacy threshold analysis and privacy impact assessment, and preparing a collection notice
• provide an escalation point for complex or sensitive privacy matters being available to answer any questions staff or contractors may have about their privacy obligations, and
• ensuring the organisation meets its annual report obligations
• coordinating and, where appropriate, investigating privacy incidents, breaches and complaints

To meet our annual reporting obligations each year, the DCS annual report includes a statement of the action we’ve undertaken to ensure we comply with the requirements of the PPIP Act, and provide statistical details of any review we’ve conducted, or has been conducted on our behalf, under the PPIP Act. Our privacy function also ensures that this Plan is easily accessible for members of the public, providing access via our website and making references to this Plan when we collect information.

2.2.5 Public awareness

This Plan is a reflection of SafeWork’s guarantee to you, therefore, we promote this Plan by:

• ensuring it is written in plain English
• ensuring it is published on our website (privacy management plan)
• referring to this Plan on our privacy collection notices and website privacy pages
• providing translation of this Plan in other languages or formats if requested
• providing a hard copy of this Plan if requested and free of charge
• informing you of this Plan where possible

2.2.6 Policies and practices

At SafeWork, we have a range of policies to ensure compliance with NSW privacy laws, to manage privacy risks and to deal with other matters relevant to privacy and the protection of personal and health information held by SafeWork.

Policies and procedures, including this Plan, are communicated to staff in a range of ways, including through our intranet, printed copies and targeted training. Information about our privacy practices is also made available on our privacy intranet page.

Policies and practices are developed by:

• examining changes in the legislative, policy or operational environment for their impacts on SafeWork’s privacy management
• conducting regular reviews of privacy policies and procedures
• considering the privacy implications of changes to policies and systems for any procedural changes needed
• reflective of the SafeWork NSW Policy Framework

In addition, SafeWork maintains a comprehensive privacy risk and assurance mechanism comprising a dedicated policy, framework, risk register, and oversight committee. This mechanism ensures clear accountability for privacy obligations, supports proactive risk identification and mitigation, and provides governance for ongoing compliance with relevant privacy legislation and standards.

SafeWork is an executive agency related to DCS. DCS provide shared services, particularly concerning human resources, finance, procurement and information technology policies.

For related documents with SafeWork privacy or for a full list of our policies, procedures and guidance documents, refer to our policy document register.

2.2.7 Monitoring, evaluation and continuous improvement

To ensure the effectiveness of our privacy management practices, we commit to regular monitoring and evaluation of our Privacy Program. Performance is assessed through a combination of qualitative and quantitative measures, including:

• the number and quality of privacy impact assessments completed
• staff privacy training completion rates and refresher participation
• review of incident logs and privacy complaints
• periodic reviews of third-party contracts, Memorandum of Understanding and Data Sharing Agreements to ensure privacy controls remain in place
• annual review of this Plan

2.2.8 Privacy by design

SafeWork is committed to the principle of privacy by design, which ensures that privacy protections are embedded in the design and planning of systems, processes, programs, and services from their inception and throughout their development, review and iteration. We will:

• proactively embed privacy protections into project planning and development processes
• consider privacy impacts at the earliest stages of any new initiative, system, or process that involves the collection, use, or disclosure of personal and health information. This will include considering whether a privacy impact assessment is needed when starting a new project or making changes to an existing one
• limit the collection of personal information to what is directly relevant and necessary for the specific purpose and, keep it no longer than necessary and dispose of it appropriately
• implement appropriate safeguards to protect personal information against misuse, loss, unauthorised access, modification, or disclosure
• regularly review and update systems and processes to ensure continued compliance with NSW privacy laws and best practice privacy standards
• all staff involved in planning or delivering new projects or services must assess privacy implications early in the design process and ensure that appropriate privacy controls are integrated by default

2.2.9 Emerging technologies

As SafeWork adopts and integrates new and emerging technologies to ensure they are accessible, inclusive and secure for all people of NSW, we remain committed to ensuring that privacy compliance is proactively addressed from the outset. All digital systems must align with the IPPs and HPPs under the NSW Privacy laws.

At SafeWork privacy compliance for emerging technologies is guided by:

• embedded privacy-by-design methodologies
• early-stage privacy impact assessment
• active collaboration with DCS to establish joint privacy protocols
• inclusion of technology-specific privacy controls within relevant Memorandum of Understanding and Data Sharing Agreements

Artificial Intelligence (AI)

As part of emerging technologies, AI-powered tools such as Microsoft Copilot may be used to support productivity and decision-making. At SafeWork, privacy compliance for AI use is guided by:

• limiting the input of personal or sensitive information into AI tools unless explicitly approved and compliant with NSW privacy legislation
• ensuring vendors providing AI services meet contractual obligations under PPIP and HRIP Acts, including secure storage, data minimisation, and transparency requirements
• maintaining human oversight of AI outputs to prevent errors, bias, or unintended disclosure
• restricting access to AI tools to authorised personnel and maintaining audit trails for accountability
• assessing third-party integrations and data transfers associated with AI tools for compliance and documenting these in privacy impact assessments
• staff training and guidance materials on appropriate use of AI tools