The Toolkit has been designed to support NSW Government agency compliance with relevant all-of-government statutes, policies and frameworks that relate to the collection of data, data management and retention, confidentiality, data sharing, data linkage and public release.
Legislative requirements
Legislative instruments relating to the Toolkit include:
Government Information (Public Access) Act 2009 (NSW)
The GIPA Act facilitates public access to NSW Government information. It does this by authorising and encouraging the release of information by NSW Government agencies, giving members of the public the right to request access to government information, and by ensuring government information is only restricted where there is an overriding public interest against disclosing the information.
Privacy and Personal Information Protection Act 1998 (NSW)
The PPIP Act provides principles for the protection of personal information, and the protection of the privacy of individuals generally. Under the Act, all personal information that is made, kept or collected by government organisations must be created and managed in accordance with the Information Protection Principles under the PPIP Act. The Information and Privacy Commission website has an overview of NSW privacy legislation.
Health Records and Information Privacy Act 2002 (NSW)
The HRIP Act protects the privacy of an individual’s health information held by the public and private sectors, enables individuals to gain access to their information, and provides an accessible framework for the resolution of complaints regarding the handling of health information. The 15 Health Privacy Principles are legal obligations that agencies must abide by when collecting, holding, using and disclosing a person’s health information.
State Records Act 1998 (NSW)
The State Records Act sets out the rules for the creation, capture, control, use, maintenance and disposal of all records and information in line with whole-of-government records and information management policies. State Records NSW has developed the Records and Information Management Policy checklist that helps agencies ensure their internal strategies are consistent with whole-of government information management policy.
Data Sharing (Government Sector) Act 2015 (NSW)
The Data Sharing Act enables the sharing of data between NSW Government agencies, and with the Data Analytics Centre (DAC). The Act encourages and facilitates data sharing, outlines safeguards for sharing data, states that data sharing must be legally compliant, ensures data involving personal information is protected, and allows the responsible Minister to direct agencies to provide data to the DAC under certain circumstances.
Policies and other guidance
Policies and other guidance relating to the Toolkit include:
NSW Open Data Policy
Data should be open to the extent that its management, release and characteristics meet the objectives of openness, accountability, fairness and effectiveness set out in the Government Information (Public Access) Act 2009 (NSW). Under the GIPA Act, there is a presumption in favour of the disclosure of information, unless there is an overriding public interest against disclosure.
The Policy sets out six open data principles that all government data must be:
- Open by default, protected where required;
- Prioritised, discoverable and usable;
- Primary and timely;
- Well managed, trusted and authoritative;
- Free of charge where appropriate; and
- Subject to public input.
NSW Cyber Security Policy
The Policy sets out mandatory requirements that all agencies must comply with to ensure that cyber security risks to data, information, and systems are managed and data is kept secure. These include: implementing cyber security and governance; building and supporting a cyber security culture across the agency; managing cyber security risks and reporting against the Cyber Security Policy Requirements.
NSW Government Data Strategy
The NSW Government Data Strategy outlines a collaborative, coordinated, consistent, and safe approach to using and sharing data and insights across government to inform decisions and actions that achieve the best possible outcomes for the people and businesses of NSW. The Strategy complements the NSW Beyond Digital Strategy, which guides NSW Government in using data and insights to understand customer needs and enhance services, providing a better and more targeted experience in line with customer commitments. The NSW Government Data Strategy will further develop the government's maturity in using data for better community outcomes. It focuses on harnessing the power of data to shape the future, delivering on government priorities, responding to emerging issues, and most importantly, delivering the experience and services that the people and businesses of NSW expect, while maintaining the privacy, security, and ethical standards that are expected.
NSW Information Classification, Labelling and Handling Guidelines
The Guidelines set out the NSW Government’s approach to classifying, labelling and handling sensitive information. The classification of information created, owned and managed by the NSW Government is a mandatory requirement under the NSW Cyber Security Policy. The Guidelines are consistent with the Australian Government security classification system.
Additional legal, regulatory and policy requirements may apply in specific agency or business domains. All organisations should identify the specific requirements that apply to their environment.
Additional legal, regulatory and policy requirements may apply in specific agency or business domains. All organisations should identify the specific requirements that apply to their environment.
State, National and International Standards
State, National, and International standards already exist with respect to data governance. All NSW public sector agencies are responsible for conforming to appropriate standards, including those issued by State Records NSW and the Information and Privacy Commission NSW.
Standards specific to data management are included in the Data Management component of this Toolkit and are based on the internationally recognised Data Management Body of Knowledge guide.1
While this Toolkit will be updated to reflect ongoing developments in standards and best practice, public sector agencies are expected to maintain their understanding of current applicable standards.
Download Module 2
Last updated 11 Jul 2024