Skip to main content

A NSW Government website


Key NSW Data Legislation and Policies

The following is an overview of key data legislation and policies that impacts the whole NSW Government sector:

Data Sharing (Government Sector) Act 2015 

The Data Sharing Act enables the sharing of data between government agencies, as well as the sharing of data with the Data Analytics Centre (DAC). It aims to: 

  • Encourage and facilitates data sharing 
  • Outline safeguards for sharing data 
  • State that data sharing must be legally compliant 
  • Ensure data involving personal information is protected 
  • Allow the responsible Minister to direct agencies to provide data to the DAC in certain circumstances. 

Government Information (Public Access) Act 2009 (GIPA Act)

The GIPA Act facilitates public access to NSW Government information. It aims to: 

  • Authorise and encourage the release of information by NSW Government agencies 
  • Give the public the right to request access to government information 
  • Ensure government information is only restricted when there is an overriding public interest against disclosing the information 

The Information and Privacy Commission website gives an overview of the GIPA Act, and contains many resources to support public access to government information. 

Health Records and Information Privacy Act 2002 (HRIP Act) 

The HRIP Act protects health records and information. It aims to: 

  • Promote the fair and responsible handling of citizens’ health information 
  • Enable individuals to gain access to their health information 
  • Enable individuals to submit a complaint regarding their health information privacy 
  • Protect the privacy of individuals in the health system.  

The Information and Privacy Commission website has an overview of NSW privacy legislation

Privacy and Personal Information Protection Act 1998 (PPIP Act) 

The PPIP Act provides for the protection of personal information, and the protection of the privacy of individuals generally. All personal information that is made, kept or collected by government organisations must be created and managed in accordance with the Information Protection Principles under the PPIP Act. It aims to: 

  • Protect personal information 
  • Ensure government organisations manage and protect personal information 
  • Enable the investigation into breaches of privacy.

The Information and Privacy Commission website has an overview of NSW privacy legislation

State Records Act 1998

The State Records Act governs the creation, management, destruction and protection of government records, and allows for public access to those records after a certain amount of time, depending on the type of information. The State Archives and Records Authority has an overview of the key obligations under the State Records Act

NSW agencies must retain records and information in accordance with the State Records Act 1998 (NSW) and any other legal and accountability requirements. Agencies should refer to applicable Functional Retention and Disposal Authorities and General Retention and Disposal Authorities. See NSW State Archives and Records’ website for further information on retention and disposal authorities, and guidance on information/record retention, disposal, physical storage of paper records, and archiving. 

NSW Cyber Security Policy

The NSW Cyber Security Policy outlines the mandatory requirements to which all NSW Government Departments and Public Service Agencies must adhere, to ensure cyber security risks to their information and systems are managed. 

NSW Open Data Policy

The NSW Open Data Policy supports governments agencies to proactively release high quality usable data. 

Standard on Records Management

This mandatory standard under the State Records Act establishes the key requirements for effective information management (which includes data management) that apply to all NSW public offices. 


Last updated 11 Jul 2024