On this page
The SafeWork NSW Agency (SafeWork) Privacy Management Plan (Plan) describes what measures SafeWork takes to ensure it effectively manages and protects personal and health information in line with the Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act) and the Health Records and Information Privacy Act 2002 (NSW) (HRIP Act)
(the ‘NSW privacy laws’). It is also a requirement for us to have this Plan per section 33 of the PPIP Act.
We are committed to protecting the rights of our customers, staff, and members of the public, as required by the NSW privacy laws. We take these obligations seriously, and this Plan inform you how we comply with the privacy and health principles. This Plan will be reviewed and updated as required to ensure the personal and health information we collect, and use is managed appropriately, effectively and in compliance with all applicable privacy laws and to address any emerging changes in SafeWork strategic or operational priorities.
This Plan explains who you should contact if you have questions about the information collected and managed by SafeWork; how you can access and amend information stored about you by SafeWork; and what to do if you are concerned that SafeWork may have breached the PPIP or HRIP Acts.
This Plan was last reviewed in 2025-26 and published here on 19th February 2026
This Plan covers SafeWork’s requirements under section 33(2) of the PPIP Act, including:
The Plan applies to all personal and health information managed by SafeWork however, it is important to note that this plan is principles-based and does not cover all situations that may arise.
This Plan also does not cover the following information as it is not personal information for the purposes of section 4 of the PPIP Act:
When preparing this Plan, SafeWork has referred to the Privacy Management Plan resources published by the NSW Information and Privacy Commission (IPC) to ensure the Plan complies with the requirements of the privacy legislation. To that end, SafeWork has also sought feedback and recommendations from
the IPC directly.
| Agency | Has meaning of a public sector agency as granted by section 3 of the PPIP Act. |
| Collection | Refers to methods SafeWork uses to obtain information such as verbally by phone or in person, online, phone recording, videos (including body worn videos worn by inspectors), photograph or in writing. |
| Disclosure | When SafeWork makes known to an individual or entity personal or health information not previously known to them. |
| Health Information | Health information or an opinion about a person’s physical or mental health or disability, or a person’s express wishes about the future provision of his or her health services or a health service provided or to be provided to a person; See the definition at s. 6 HRIP Act |
| Health Privacy Principles (HPPs) | There are 15 HPPs listed under the HRIP Act which regulate how agencies must deal with health information. More information regarding the HPPs for members of the public can be found at Health Privacy Principles (HPPs) explained for members of the public |
| Information Protection Principles (IPPs) | There are 12 IPPs listed under the PPIP Act which regulate how public sector agencies, including government agencies, local councils and universities, must deal with personal information. More information regarding the IPPs for members of the public can be found at Information protection principles for the public |
| Investigative Agency | In accordance with s. 3 of the PPIP Act and as amended from time to time. Any of the following:
This also includes any other public sector agency with investigative functions if those functions are exercisable the authority of an Act or statutory rule and the exercise of the functions may result in the agency taking or instituting disciplinary, criminal or formal action or proceedings (section 3 PPIP Act). |
| Law Enforcement Agency | In accordance with s. 3 of the PPIP Act and as amended from time to time. Any of the following:
|
| Management of information | Refers to the systematic process of collecting, storing, organising, maintaining, protecting, and distributing information to ensure it is accurate, accessible, secure, and used effectively to support decision-making, operations, and compliance within SafeWork. |
| Personal information | Personal information or an opinion (including information or an opinion forming part of a database and whether or not recorded in a material form) about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion, including such things as an individual’s fingerprints, retina prints, body samples, or genetic characteristics. Exclusions to the definition of personal information are contained in section 4(3) of the PPIP Act and includes health information; (see the definition at s4 PPIP Act and s4(3) PPIP Act and s5 of the HRIP Act). |
| Public Register | A lawfully required register where personal information is publicly available. |
| Use | ‘Use’ is different to ‘disclose’. When ‘use’ is referenced, it refers to the way SafeWork handles and deals with information within SafeWork to perform its functions. |
On this page
On 1 July 2025, SafeWork was established as an executive agency related to the Department of Customer Service (DCS). DCS will continue to provide some corporate service functions to SafeWork under formal agreement, but SafeWork has its own head of agency.
SafeWork will be led by the SafeWork Commissioner who will report directly to the Minister for Work Health and Safety.
In this Plan, ‘we’, ‘us’ or ‘our’ refers to SafeWork.
‘You’ or ‘your’ refers to the reader as an individual.
SafeWork is responsible for securing the health, safety and welfare of workers in NSW. It acts to prevent work related injuries, promote the development of healthy and safe workplaces, investigate workplace incidents and assist injured workers to return to work. SafeWork’s main statutory functions are to administer and/or ensure compliance with the following legislation:
These laws govern workplace safety, injury and disease prevention as well as handling dangerous goods and explosives. SafeWork’s full functions are set out in section 152 of the WHS Act. Other laws that impact on the way we handle personal, and health information are located in the Appendices at the end of this Plan.
We do this by:
The State Insurance Regulatory Authority (SIRA) also authorises these inspectors to exercise powers under the Workplace Injury Management and Workers Compensation Act 1998. These powers include issuing improvement notices, exercising powers of entry, and exercising powers to obtain information and documents in relation to compliance with workers compensation legislation in NSW.
The SafeWork people leaders are committed to transparency and accountability about how we comply with the PPIP Act and HRIP Act, which is reinforced by:
We ensure our staff are aware of this Plan and how it applies to the work they do by:
We also use this Plan when training staff to ensure they understand their privacy obligations and how they are to manage personal and health information. This allows our staff to identify their privacy knowledge gaps and provides helpful resources and contacts to ensure they can rectify these and uphold the agency’s commitment to achieving best privacy practice. When staff members have questions about how to manage personal and health information under the Plan, they may consult their people leader or the privacy team.
It is a criminal offence, punishable by up to two years’ imprisonment, an $11,000 fine (or both), for any person employed or engaged by SafeWork (including former employees and contractors) to intentionally use or disclose any personal information or health information about another person, to which the employee or contractor has or had access in the exercise of their official functions, except in connection with the lawful exercise of their official functions.
It is also a criminal offence, punishable by up to an $11,000 fine for any person employed or engaged by SafeWork to interfere with a customer’s right to access their health information or persuade a customer to withdraw a complaint.
SafeWork inspectors have a wide range of responsibilities in helping to ensure that employers and workplaces are meeting their work health and safety, workers compensation and return to work responsibilities. Inspectors have been given a broad range of statutory powers to enable them to fulfill these functions, including powers to require the production of documents or other information, to inspect documents and make recordings of these, and to issue and execute search warrants.
In exercising these powers inspectors will have regard to the IPPs and HPPs and will comply with each of the principles unless, in the particular circumstances, compliance with that principle is not required or exempt under the legislation. Inspectors have Work Health and Safety Documented Operations Manuals which guide and underpin operations of SafeWork.
SafeWork’s Privacy Function ensures the ongoing training and education of SafeWork staff members and inspectors (including any third-party service providers or consultants) about their obligations under the PPIP Act and HRIP Act including:
To meet our annual reporting obligations each year, the DCS annual report includes a statement of the action we’ve undertaken to ensure we comply with the requirements of the PPIP Act, and provide statistical details of any review we’ve conducted, or has been conducted on our behalf, under the PPIP Act. Our privacy function also ensures that this Plan is easily accessible for members of the public, providing access via our website and making references to this Plan when we collect information.
This Plan is a reflection of SafeWork’s guarantee to you, therefore, we promote this Plan by:
At SafeWork, we have a range of policies to ensure compliance with NSW privacy laws, to manage privacy risks and to deal with other matters relevant to privacy and the protection of personal and health information held by SafeWork.
Policies and procedures, including this Plan, are communicated to staff in a range of ways, including through our intranet, printed copies and targeted training. Information about our privacy practices is also made available on our privacy intranet page.
Policies and practices are developed by:
In addition, SafeWork maintains a comprehensive privacy risk and assurance mechanism comprising a dedicated policy, framework, risk register, and oversight committee. This mechanism ensures clear accountability for privacy obligations, supports proactive risk identification and mitigation, and provides governance for ongoing compliance with relevant privacy legislation and standards.
SafeWork is an executive agency related to DCS. DCS provide shared services, particularly concerning human resources, finance, procurement and information technology policies.
For related documents with SafeWork privacy or for a full list of our policies, procedures and guidance documents, refer to our policy document register.
To ensure the effectiveness of our privacy management practices, we commit to regular monitoring and evaluation of our Privacy Program. Performance is assessed through a combination of qualitative and quantitative measures, including:
SafeWork is committed to the principle of privacy by design, which ensures that privacy protections are embedded in the design and planning of systems, processes, programs, and services from their inception and throughout their development, review and iteration. We will:
As SafeWork adopts and integrates new and emerging technologies to ensure they are accessible, inclusive and secure for all people of NSW, we remain committed to ensuring that privacy compliance is proactively addressed from the outset. All digital systems must align with the IPPs and HPPs under the NSW Privacy laws.
At SafeWork privacy compliance for emerging technologies is guided by:
As part of emerging technologies, AI-powered tools such as Microsoft Copilot may be used to support productivity and decision-making. At SafeWork, privacy compliance for AI use is guided by:
On this page
This section details how SafeWork complies with its obligations with the 12 Information Protection Principles (IPPs) set out under the PPIP Act, and the 15 Health Privacy Principles (HPPs) set out under the HRIP Act. These principles follow the lifecycle of information, being collection, use, disclosure and storage.
While we must collect some types of personal and health information to meet our legal obligations, we will limit our collection of personal and health information to what is reasonably necessary to fulfil SafeWork’s functions. The collection of this information may be in writing, e-mail, photos, videos, through our websites, the SpeakUp app, forms, over the phone, or in person. Depending on the services, or your interactions with SafeWork, we may collect personal and health information in the following ways:
The types and examples of personal or health information that SafeWork may collect to manage workplace incidents are:
Workers' compensation claim file information may include:
We collect personal and health information direct from the person for whom it relates, unless they have consent otherwise, we are lawfully authorised to do so, or unless it is unreasonable or impracticable to do so.
Where the person is under the age of 16 or lacks capacity (e.g., because of mental illness, intellectual disability, dementia, brain injury), we can ask their authorised representative, parent or guardian for the information instead. However, we must also still try to communicate with them directly. The NSW Privacy Commissioner’s guide Privacy and Persons with Reduced Decision-Making Capacity explains how to collect personal information from or about a person who has limited or no capacity.
There are also some instances where we will collect information from third parties, including from:
For example, we may be lawfully authorised to do this under:
Collection of this information from third parties will only occur where it is necessary for us to properly exercise our investigative and other functions to ensure compliance with the Acts, regulations and other instruments made under the Acts.
When collecting personal and health information from individuals, SafeWork will ensure that the information we are collecting is relevant, accurate, up-to-date, complete and not excessive or intrusive in any way.
We achieve this by designing forms and notification processes that only collect relevant information that is required to fulfil our functions, taking into account whether it is lawful for us to collect this information, for example if legislation authorises the collection, or whether it is directly related to the agency’s functions.
If an individual wishes to provide information to SafeWork anonymously, this will be permitted, granted it allows us to fulfil our functions. It is important to note that even though information is anonymous, SafeWork must consider the broader context of the information to ensure there is no possibility of this information being able to identify an individual, thus being personal information.
SafeWork inspectors may use Body Worn Video (BWV) devices during inspections, site visits, or enforcement activities under the Surveillance Devices Act 2007, WHS Act and the Explosives Act 2003. These devices may capture audio, video, and images of individuals, workplaces, and work related incidents.
SafeWork will often request a customer to provide proof of identity to proceed with a particular transaction (for example, a licence application or a request for information under the Government Information (Public Access) Act 2009 (GIPA Act) or PPIP Act). SafeWork may use a validation service such as the Commonwealth Document Verification Service. SafeWork will obtain the customer’s consent before disclosing proof of identity information to a validation service or obtaining the results from a validation service. SafeWork may collect proof of identity information in its own right, or as part of a transaction for a partner agency.
SafeWork installs and maintains closed circuit television (CCTV) cameras on some premises for several purposes in accordance with the Workplace Surveillance Act 2005 (NSW), including:
When utilised, prominent signage notifies all staff, visitors and members of the public of the use of CCTV and that they may be under camera surveillance. Access to the CCTV images is controlled and secure to ensure that only authorised staff have access to any images.
Most of the personal and health information about staff members is collected and managed by the DCS. Some information is maintained at a local level or accessed for management purposes. For further information, please see the DCS Privacy Management Plan.
When SafeWork collects personal and health information, for example, in licence application forms, notifications, etc., we will take reasonable steps to inform an individual of the following:
Where personal and health information is being collected verbally from an individual, we will take reasonable steps to advise that individual of the above. In relation to health information, we will take these reasonable steps unless this would pose a serious threat to the life or health of an individual, or in accordance with the NSW Privacy Commissioner Guidelines on collecting health information.
Notification of collection is generally given via a privacy collection notice which SafeWork includes on its application forms, web pages and verbal messages (for example, through contact centre staff scripts or a reasonable attempt to make a person likely to be recorded aware of this by inspectors when using body worn video) at the point closest to where the information is being collected.
We will not use information for another purpose other than what it was collected for unless we are lawfully authorised or have the persons express or implied consent, either via writing or orally, or are required to by law. For consent to be valid, it must be voluntary, informed, specific, current and given by a person with the capacity to give or withhold consent.
Voluntarily means that you must be free to say ‘no’ and still receive the primary service you are asking for. It cannot be included as a standard condition. You must be given a genuine opportunity to give or withhold your consent being requested by SafeWork without feeling pressured or coerced to do so. We will not consider silence as consent.
SafeWork takes its responsibilities in securely storing the personal and health information it collects seriously. We will ensure personal, and health information is stored securely, not kept longer than necessary, and disposed of appropriately. We take reasonable steps to protect personal and health information from loss, misuse, unauthorised access, use, modification, or disclosure. This involves implementing reasonable security measures, including technical, physical, and administrative actions, to protect information. Security and disposal measures examples include:
SafeWork have a Data Governance Framework which provides guidance for managing and utilising data effectively to support our broader objectives.
Our information is managed in line with the NSW State Records Act and with the NSW Government Information Classification Labelling and Handling Guidelines. Since July 2015 these Guidelines have included the category “Sensitive: Health Information” and “Sensitive: Law Enforcement”. We comply with records management legislation and have retention and disposal rules in place for our general administration and functional information. SafeWork inspectors, staff and contractors have access to a range of internal information and records management systems as appropriate for their work. Access to these systems is password protected and limited to staff needing access to the information to do their work. Access is required to be reviewed regularly to ensure the security level allocated to individual staff is appropriate and to remove access for people who no longer require it as part of their role.
SafeWork may use private sector companies, contractors, or other government agencies for services. If these organisations or individuals have or are likely to have access to personal information, SafeWork ensures that personal and health information is managed in line with the PPIP Act, HRIP Act and data sharing and information security policies. SafeWork might do this by:
An external entity that may manage or collect personal information on behalf of SafeWork includes:
In most cases, you have the right to access, update, correct and amend the personal and health information we hold about you, for example if you need to update your contact details. You are entitled to have access to this information without cost or excessive delay. However, you may be required to pay a fee if the application is made under the HRIP Act or if you are lodging a formal application under the GIPA Act.
You are encouraged to contact the relevant business unit within SafeWork directly if you are trying to access or amend your personal or health information. You can also complete our online form or contact our privacy team at privacy@safework.nsw.gov.au.
SafeWork is committed to protecting personal information against unauthorised access, use, modification, or disclosure, and will not disclose personal information except in accordance with the IPPs (or exceptions to same) contained in PPIP Act or if required to by legislation or subpoena. For this reason, proof of identity showing a signature and/or current address with or without a photo may be sought prior to releasing the information. Each request will be considered on a case-by-case basis, and our team will use its discretion to ascertain what is reasonable to verify your identity.
We aim to respond to informal requests within 5 working days. We will tell you how long the request is likely to take, particularly if it may take longer than first expected. We will contact you to advise the outcome of the request.
Please note that some business units within SafeWork have forms available on our website to enable your amendment of your personal or health information. For example, SafeWork Licensing has a form available to allow a licence holder to change their details for a SafeWork issued licence.
Formal requests to access personal or health information can be made under the PPIP Act, HRIP Act or the GIPA Act, depending on the circumstances and the sensitivity of the information involved. You would generally need to complete a particular form and provide specific details before your application will be valid. You can find out about making formal access applications under GIPA via accessing information page on our website.
You may need to lodge a formal application if any of the follow applies:
No fee is required if you are requesting information under the PPIP or HRIP Acts, however GIPA applications will require the application fee of $30 to be paid.
The Office of the Privacy Commissioner, within the IPC, can also provide help and guidance about your rights to access your personal and health information.
If we decide not to give you access to or amend your personal or health information, we will clearly explain our legal reasons. For example, when investigating workplace incidents under the WHS Act, we are generally restricted from giving people access to information we have obtained from NSW public sector agencies for the purposes of conducting the investigation. We may, however, release the information if the agency or person explicitly consents to its release.
We are usually restricted from giving you access to someone else’s personal and health information.
While the PPIP Act and the HRIP Act give you the right to access your own information, the Acts generally do not give you the right to access someone else’s information. However, both the PPIP Act and HRIP Act allow you to give us permission to collect your personal and health information from, and disclose it to, someone else. For example, when contact with us worsens an anxiety condition or if you are mentally or physically unfit to represent yourself. If you are under 16, we are allowed to collect information directly from your parents or guardian. If you do require someone to act on your behalf, you will need to provide us with written consent.
The Acts also enable us to disclose information in limited circumstances, such as to prevent a serious and imminent threat to the life, health and safety of an individual, or if withholding your information would prejudice you. In the case of health information, other reasons include to find a missing person or for compassionate reasons. The Information & Privacy Commission’s Guide to Privacy and Persons with Reduced Decision-making Capacity explains how to seek consent for a secondary use or disclosure of personal information from a person who has limited or no capacity.
Under the GIPA Act, any member of the public has an inherent human right to access government held information. The information that is subject to a GIPA request, therefore, may include personal or health information of other individuals. The provisions under the GIPA Act are thoroughly considered when assessing the release of any information in scope of a GIPA request. More information in relation to GIPA requests can be found on our website.
Before using any personal or health information, we take reasonable steps in ensuring the information is relevant, accurate, up-to-date, complete and not misleading. We may use personal and health information:
‘Use’ is different to ‘disclose’. We use information when we handle or ‘use’ it internally.
As a general principle, we use the personal and health information we’ve collected only for the purpose for which it was collected. The relevant purpose should have been set out in a privacy notice at the time of collection.
We may also use personal and health information for a directly related secondary purpose. A directly related secondary purpose is a purpose that is very closely related to the purpose for collection and would be the type of purpose that people would quite reasonably expect their information to be used for. For example, information collected during the licence application process may be used to send licence renewal notices, using the information to conduct internal reviews related to compliance of licence renewal notice and, linking an individual’s records across internal systems to improve accuracy and enable our regulatory functions.
SafeWork may contact customers to clarify or verify personal or health information when the information provided is incomplete, irrelevant, outdated, or inconsistent. This ensures the accuracy and reliability of the information we collect.
Further to the circumstances set out above, we may also use health information to lessen or prevent a serious threat to public health or safety; management of health services; training; research purposes; finding a missing person; for law enforcement purposes and in respect of suspected unlawful activity, unsatisfactory professional conduct or breach of discipline.
We may disclose information if:
'Disclose' is different to 'use'. We may disclose information when we disclose it to someone outside of SafeWork. Stricter rules apply to sensitive personal information. Disclosing sensitive information (e.g., a person’s ethnic or racial origin, political opinions, religious or philosophical beliefs, trade union membership or sexual activities) is generally only allowed with the person’s consent. We can generally only disclose personal or health information to someone outside NSW, or to a Commonwealth agency if one of the following applies:
We may disclose information we are lawfully authorised to disclose. See Appendix 2 below.
Most other disclosures we make will be appropriately related to the purpose for which the information was collected and/or the individual will have the consent of the individual.
When we are required to share information with other business areas within SafeWork or other public sector agencies, we will do so in accordance with the privacy laws.
Requests for personal or health information from outside bodies, including from government agencies, will be assessed to determine whether we are permitted to provide the information.
A breach of a person's privacy occurs when their personal and/or health information is compromised. A breach can occur:
When responding to a privacy breach SafeWork will investigate using the following steps:
SafeWork has a Privacy/Data Breach Response Procedure that outlines our plan for responding to a privacy breach, including how we manage a breach and the process for notifying people affected by the breach.
The Mandatory Notification of Data Breach (MNDB) Scheme requires every NSW public sector agency bound by the PPIP Act to notify the Privacy Commissioner and affected individuals of eligible data breaches.
A data breach is eligible under the amendment if it is likely to result in serious harm to any of the individuals to whom the information relates. Whether a data breach is likely to result in serious harm
requires an assessment, determined from the viewpoint of a reasonable person. Serious harm to an individual may include serious physical, psychological, emotional, financial, or reputational harm.
When a staff member or contractor identifies a suspected data breach, they must report it to their people leader or relevant business owner. The people leader or business owner will then notify the privacy team by submitting a completed notification form. The privacy team will assign an appropriate assessor to work with the relevant functions to contain the incident, investigate the circumstances, and assess the impact of the data breach.
Separate from this Plan, SafeWork complies with DCS Data Breach Policy, which outlines the detailed processes to contain, assess, manage, and notify an eligible data breach under Part 6A of the PPIP Act.
We will allow people to receive services from us anonymously, where lawful, secure, and practicable.
We will only assign identifiers to the people we serve where required.
We will only use health records linkage systems when individuals have expressly consented to their information being included on such a system, or for research purposes which have been approved by an Ethics Committee and in accordance with the Statutory Guidelines on Research issued under the HRIP Act.
On this page
We encourage you to contact us directly in the first instance if you believe that we have breached one of the privacy principles or have concerns with the way we have handled your personal or health information.
Should you hold any of the above concerns, please contact the SafeWork privacy team at privacy@safework.nsw.gov.au. The SafeWork privacy team will be able to assist you by:
We are committed to managing privacy complaints in a way that is timely, fair, transparent, and compliant with the PPIP Act. We follow the complaint handling guidance provided by the NSW Information and Privacy Commission (IPC) and aim to resolve issues without delay or further breach. Under the PPIP Act, you are not explicitly required to identify yourself when lodging a privacy complaint. Our agency accepts complaints made anonymously or under a pseudonym. However, we advise complainants that:
We will still assess and act on any credible anonymous complaint, particularly if it reveals a serious or systemic privacy risk.
Should you not be satisfied that your concerns have been rectified informally, you can apply for an internal review or make a complaint to the NSW Privacy Commissioner. If you would like to provide positive feedback or make a complaint, you can use our customer feedback form or call us on 13 10 50.
If you believe that SafeWork has breached the PPIP Act or HRIP Act relating to your personal and/or health information, you have a right to seek an internal review. Where you believe there has been a breach of another individual’s privacy, you can only ask for an internal review if you are their authorised representative.
Please note, an internal review may only be lodged within six months from the time you first became aware of the suspected breach. In limited circumstances, we will consider whether we will accept a late application for an internal review.
You may also make a privacy complaint directly to the NSW Privacy Commissioner.
To help you apply for an internal review, you can use the application form. Although we encourage use of the form, it is not compulsory. You may submit any other relevant material along
with your application. Requests for internal review should be sent to the SafeWork privacy team at privacy@safework.nsw.gov.au and needs to:
Applications in other languages will be accepted and translated, and all acknowledgments and correspondence from SafeWork will be translated into the applicant’s preferred language. If the applicant is not literate in English and/or their first language and there is no organisation making the application on their behalf, the SafeWork privacy team will help write the application, using a professional interpreter if necessary.
In making a decision, we may decide to:
You will be informed of the outcome within 14 days of the internal review being decided, including:
The PPIP Act requires that the NSW Privacy Commissioner be informed of the receipt of an application for an internal review of conduct and receive regular progress reports of the investigation. In addition, the Commissioner is entitled to make submissions in relation to the application for internal review.
When we receive your application, we will provide a copy to the IPC. We will then continue to keep the IPC informed of the progress of the internal review, the findings of the review and the proposed action to be taken by SafeWork in relation to the internal review. Any submissions made by the IPC to the agency will be taken into consideration when making our decision.
The IPC contact details are:
Office: Information & Privacy Commission NSW, Level 15, McKell Building, 2-24 Rawson Place, Haymarket NSW 2000 Post: GPO Box 7011, Sydney NSW 2001 Phone: 1800 472 679
Email: ipcinfo@ipc.nsw.gov.au
Web: www.ipc.nsw.gov.au
If you are unhappy with the outcome of the internal review, you can apply to NCAT to review the decision (an “external review”). If we have not completed the internal review within 60 days, you can also take the matter to NCAT for external review.
However, please note, before you have the right to seek an external review you must first seek an internal review by SafeWork. Generally, you have 28 days from the date of the internal review decision to seek the external review.
For more information about seeking an external review including current forms and fees, please contact NCAT:
NCAT Administrative and Equal Opportunity Division and Occupational Division Postal address: PO Box K1026, Haymarket NSW 1240 I DX 11539 Sydney Downtown Street address: Level 10 John Maddison Tower, 86-90 Goulburn Street, Sydney NSW 2000 Phone: 1300 006 228
Email: aeod@ncat.nsw.gov.au
Web: www.ncat.nsw.gov.au
Should you have any queries in relation to this Plan or other privacy concerns, please contact SafeWork’s privacy team via the below details:
Email: privacy@safework.nsw.gov.au
General SafeWork enquiries:
Phone: 13 10 50
Web: www.safework.nsw.gov.au
On this page
This section contains information about public register requirements in the PPIP Act and a summary of other laws that may impact the way we handle personal and health information.
The PPIP Act governs how NSW public sector agencies should manage personal information contained in public registers (Part 6 – Public Registers).
There are specific circumstances where SafeWork will suppress information that is held on its licence public register (for example, suppression is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual). This register contains details of individuals who hold asbestos, high risk work (HRW), and demolition licences as well as holders of general construction induction training cards (GIT).
Should you wish to request to change, remove or suppress personal information held on the SafeWork public register, you may request this via our online form. Alternatively, you can request a change, removal or suppression of your personal email via the following options: email to: licensing@safework.nsw.gov.au or contact the privacy team: privacy@safework.nsw.gov.au
Your submission should include:
The following registers are maintained by SafeWork:
Other laws which impact on how we handle personal and health information include:
Crimes Act 1900 (NSW)
Under this law, SafeWork must not access or interfere with data in computers or other electronic devices unless we are authorised to do so.
Data Sharing (Government Sector Act) 2015
This law sets out the sharing of government data between government agencies and the government Data Analytics Centre, including the sharing of de-identified personal data. Enhanced privacy safeguards apply and this Act in no way alters how the current privacy legislation applies to the personal and health information we hold.
Under this law, people can apply for access to government information we hold. Sometimes this information may include personal or health information. The Act contains public interest considerations against disclosure of information that would reveal an individual’s personal information; or contravene an information or health protection principle under the PPIP Act and HRIP Act.
If a person has applied for access to someone else’s personal or health information, we will consult with the affected third parties. If we decide to release a third party’s personal information, we must not disclose the information until the third party has had the opportunity to seek a review of our decision.
Visit our website for further information on applications to access information under the GIPA Act.
Government Information (Information Commissioner) Act 2009 (GIIC Act)
Under this law, the Information Commissioner has the power to access government information held by other NSW public sector agencies for the purpose of conducting a review, investigation or dealing with a complaint under the GIPA Act and GIIC Act. The Information Commissioner also has the right to enter and inspect any premises of an NSW public sector agency and inspect any record.
This Act also allows the Information Commissioner to provide information to the NSW Ombudsman, the Director of Public Prosecutions, the NSW Independent Commission Against Corruption or the NSW Police Integrity Commission.
Independent Commission Against Corruption Act 1988 (NSW)
Under this law, SafeWork employees must not misuse information obtained in the course of their duties.
Public Interest Disclosures Act 2022 (NSW) (PID Act)
Under the PID Act, a public official, which includes people working within a NSW public sector agency, can make a public interest disclosure (PID) to the Information Commissioner about a failure to properly fulfil functions under the GIPA Act or to the Privacy Commissioner about a non-trivial failure to exercise functions in accordance with the PPIP Act or the HRIP Act.
We note that the definition of personal information under the PPIP Act excludes information about an individual contained in a PID. This means that “personal information” received or collected under the PID Act is not subject to the IPPs or HPPs.
The PID Act requires that we must not disclose information that might identify or tend to identify a person who has made a voluntary PID.
State Records Act 1998 (NSW) and State Records Regulation 2015 (NSW)
These laws set out the requirements for the creation, management and protection of SafeWork records.
The Information Protection Principles (IPPs) and Health Privacy Principles (HPPs) in the PPIP Act and HRIP Act do not apply in certain situations or to certain information collected. This section outlines the main exemptions to each principle.
Limiting our collection of personal and health information - IPP 1 and HPP 1
How we collect personal and health information - IPP 2 and HPP 3
Notification when collecting personal and health information – IPP 3 and HPP 4
How we collect personal and health information - IPP 4 and HPP 2
Retention and security – IPP 5 and HPP 5
Transparency – IPP 6 and HPP 6
Access – IPP 7 and HPP 7
Correction – IPP 8 and HPP 8
Accuracy – IPP 9 and HPP 9
Use – IPP 10 and HPP 10
Disclosure – IPP 11 + 12 and HPPs 11 + 14
Identifiers – HPP 12
Linkage of health records – HPP 15
Example of laws which may authorise or permit SafeWork to not comply with certain IPPs and HPPs include: