Appendices
5.1 Appendix 1: Public registers and other related laws
This section contains information about public register requirements in the PPIP Act and a summary of other laws that may impact the way we handle personal and health information.
5.1.1 Public registers
The PPIP Act governs how NSW public sector agencies should manage personal information contained in public registers (Part 6 – Public Registers).
There are specific circumstances where SafeWork will suppress information that is held on its licence public register (for example, suppression is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual). This register contains details of individuals who hold asbestos, high risk work (HRW), and demolition licences as well as holders of general construction induction training cards (GIT).
Should you wish to request to change, remove or suppress personal information held on the SafeWork public register, you may request this via our online form. Alternatively, you can request a change, removal or suppression of your personal email via the following options: email licensing@safework.nsw.gov.au or contact the privacy team at privacy@safework.nsw.gov.au.
Your submission should include:
- details of what personal information you are requesting be suppressed from the SafeWork register
- an explanation of why the licence or certificate holder believes that the publication of their information can affect their personal safety or well-being if not suppressed
- an explanation of any other individual interest that the licence or card holder may have in suppressing the information
- evidence supporting your case, for example:
  - police report/s
  - court outcome
  - letter from solicitor
  - medical certificate
The following registers are maintained by SafeWork:
- trainers and providers register
- licence registers (For example: high risk work licence, explosive and fireworks licence, asbestos removal licence, demolition licence)
5.1.2 Other laws that impact on the way we handle personal health information
Other laws which impact on how we handle personal and health information include:
Crimes Act 1900 (NSW)
Under this law, SafeWork must not access or interfere with data in computers or other electronic devices unless we are authorised to do so.
Data Sharing (Government Sector) Act 2015
This law sets out the sharing of government data between government agencies and the government Data Analytics Centre, including the sharing of de-identified personal data. Enhanced privacy safeguards apply and this Act in no way alters how the current privacy legislation applies to the personal and health information we hold.
Government Information (Public Access) Act 2009 (GIPA Act)
Under this law, people can apply for access to government information we hold. Sometimes this information may include personal or health information. The Act contains public interest considerations against disclosure of information that would reveal an individual’s personal information or contravene an information or health protection principle under the PPIP Act and HRIP Act.
If a person has applied for access to someone else’s personal or health information, we will consult with the affected third parties. If we decide to release a third party’s personal information, we must not disclose the information until the third party has had the opportunity to seek a review of our decision.
Visit our website for further information on applications to access information under the GIPA Act.
Government Information (Information Commissioner) Act 2009 (GIIC Act)
Under this law, the Information Commissioner has the power to access government information held by other NSW public sector agencies for the purpose of conducting a review, investigation or dealing with a complaint under the GIPA Act and GIIC Act. The Information Commissioner also has the right to enter and inspect any premises of an NSW public sector agency and inspect any record.
This Act also allows the Information Commissioner to provide information to the NSW Ombudsman, the Director of Public Prosecutions, the NSW Independent Commission Against Corruption or the NSW Police Integrity Commission.
Independent Commission Against Corruption Act 1988 (NSW)
Under this law, SafeWork employees must not misuse information obtained in the course of their duties.
Public Interest Disclosures Act 2022 (NSW) (PID Act)
Under the PID Act, a public official, which includes people working within a NSW public sector agency, can make a public interest disclosure (PID) to the Information Commissioner about a failure to properly fulfil functions under the GIPA Act or to the Privacy Commissioner about a non-trivial failure to exercise functions in accordance with the PPIP Act or the HRIP Act.
We note that the definition of personal information under the PPIP Act excludes information about an individual contained in a PID. This means that “personal information” received or collected under the PID Act is not subject to the IPPs or HPPs.
The PID Act requires that we must not disclose information that might identify or tend to identify a person who has made a voluntary PID.
State Records Act 1998 (NSW) and State Records Regulation 2015 (NSW)
These laws set out the requirements for the creation, management and protection of SafeWork records.
5.2 Appendix 2: Exemptions
The Information Protection Principles (IPPs) and Health Privacy Principles (HPPs) in the PPIP Act and HRIP Act do not apply in certain situations or to certain information collected. This section outlines the main exemptions to each principle.
Limiting our collection of personal and health information – IPP 1 and HPP 1
- unsolicited information
- personal information collected before 1 July 2000
- health information collected before 1 September 2004
- in the case of personal information, for certain Ministerial correspondence or referral of inquiries
- in the case of personal information, to enable the auditing of accounts of performance of an agency or agencies
- in the case of personal information, certain research purposes
How we collect personal and health information – IPP 2 and HPP 3
- unsolicited information
- personal information collected before 1 July 2000
- health information collected before 1 September 2004
- in the case of personal information, some law enforcement or some investigative and complaints handling purposes
- where another law authorises or requires us not to comply with this principle
- where non-compliance is otherwise permitted, implied, or contemplated by another law
- in the case of personal information, where compliance would disadvantage the individual
Notification when collecting personal and health information – IPP 3 and HPP 4
- unsolicited information
- personal information collected before 1 July 2000
- health information collected before 1 September 2004
- the individual concerned has expressly consented to the non-compliance
- some law enforcement and investigative or complaints handling purposes
- where another law authorises or requires us not to comply
- where non-compliance is otherwise permitted, implied, or contemplated by another law
- where compliance would disadvantage the individual
- where notification about health information would be unreasonable or impracticable
How we collect personal and health information – IPP 4 and HPP 2
- unsolicited information
- personal information collected before 1 July 2000
- health information collected before 1 September 2004
- law enforcement or some investigative and complaints handling purposes
- where another law authorises or requires us not to comply
- where non-compliance is otherwise permitted, implied, or contemplated by another law
- where compliance would disadvantage the individual
Retention and security – IPP 5 and HPP 5
- in the case of health information, the organisation is lawfully authorised or required not to comply
- in the case of health information, non-compliance is permitted under an Act or any other law
Transparency – IPP 6 and HPP 6
- where another law authorises or requires us not to comply
- where non-compliance is otherwise permitted, implied, or contemplated by another law
Access – IPP 7 and HPP 7
- some health information collected before 1 September 2004
- where another law authorises or requires us not to comply
- where non-compliance is otherwise permitted, implied, or contemplated by another law
- the provisions of the GIPA Act that impose conditions or limitations (however expressed)
Correction – IPP 8 and HPP 8
- health information collected before 1 September 2004
- some investigative or complaints handling purposes
- where another law authorises or requires us not to comply
- where non-compliance is otherwise permitted, implied, or contemplated by another law
- the provisions of GIPA Act that impose conditions or limitations (however expressed)
Accuracy – IPP 9 and HPP 9
- there are no direct exemptions to the operation of this principle.
Use – IPP 10 and HPP 10
- the individual concerned has consented to the non-compliance
- law enforcement and some investigative or complaints handling purposes
- where another law authorises or requires us not to comply
- where non-compliance is otherwise permitted, implied, or contemplated by another law
- in the case of health information, to lessen or prevent a serious threat to public health or public safety
- in the case of health information, finding a missing person
- information sent to other agencies under the administration of the same Minister or Premier for the purposes of informing the Minister or Premier
- some research purposes
- in the case of health information, some training purposes
Disclosure – IPP 11 + 12 and HPPs 11 + 14
- law enforcement and some investigative and complaints handling purposes
- when it is authorised or required by a subpoena, warrant or statutory notice to produce
- where another law authorises or requires us not to comply
- where non-compliance is otherwise permitted, implied, or contemplated by another law
- in the case of health information, to lessen or prevent a serious threat to public health or public safety
- in the case of health information, compassionate reasons in certain limited circumstances
- finding a missing person
- information sent to other agencies under the administration of the same Minister or Premier for the purposes of informing the Minister or Premier
- in the case of health information, some research and training purposes
Identifiers – HPP 12
- There are no direct exemptions to the operation of this principle
Linkage of health records – HPP 15
- health information collected before 1 September 2004
- where another law authorises or requires us not to comply
- where non-compliance is otherwise permitted, implied, or contemplated by another law
Examples of laws which may authorise or permit SafeWork not to comply with certain IPPs and HPPs include:
- Sections 271 and 271A of the Work Health and Safety Act 2011:
  - Section 271 prohibits the use or disclosure of information obtained in exercising a power or function under the Act and sets out when these additional restrictions don’t apply (e.g. with the person’s consent, when it’s necessary for the exercise of a power or function under the Act, or for administering or monitoring or enforcing compliance with the Act, or necessary for administering or enforcement of another Act specified in the Regulation)
  - Section 271A authorises the disclosure of information between SafeWork and the regulator under the Work Health and Safety (Mines and Petroleum Sites) Act 2013, the Department of Industry, Skills and Regional Development for the purpose of exercising functions under those Acts
- Section 243 of the Workplace Injury Management and Workers Compensation Act 1998 authorises SIRA and the Nominal Insurer to disclose certain information to us
- The broad range of powers given to SafeWork, and in particular inspectors, to enable them to fulfil their investigatory and regulatory roles. For example:
  - Section 155 of the Work Health and Safety Act 2011 allows us to give a written notice to someone requiring them to provide information or in relation to a possible contravention of the Act or that will assist SafeWork NSW to monitor or enforce compliance with the Act