Key NSW Data Legislation and Policies

The Data Sharing Act enables the sharing of data between government agencies, as well as the sharing of data with the Data Analytics Centre (DAC). It aims to: 

• Encourage and facilitates data sharing 
• Outline safeguards for sharing data 
• State that data sharing must be legally compliant 
• Ensure data involving personal information is protected 
• Allow the responsible Minister to direct agencies to provide data to the DAC in certain circumstances. 

The GIPA Act facilitates public access to NSW Government information. It aims to: 

• Authorise and encourage the release of information by NSW Government agencies 
• Give the public the right to request access to government information 
• Ensure government information is only restricted when there is an overriding public interest against disclosing the information 

The Information and Privacy Commission website gives an overview of the GIPA Act, and contains many resources to support public access to government information. 

The HRIP Act  protects health records and information. It aims to: 

• Promote the fair and responsible handling of citizens’ health information 
• Enable individuals to gain access to their health information 
• Enable individuals to submit a complaint regarding their health information privacy 
• Protect the privacy of individuals in the health system.  

The Information and Privacy Commission website has an overview of NSW privacy legislation. 

The PPIP Act  provides for the protection of personal information, and the protection of the privacy of individuals generally. All personal information that is made, kept or collected by government organisations must be created and managed in accordance with the Information Protection Principles under the PPIP Act. It aims to: 

• Protect personal information 
• Ensure government organisations manage and protect personal information 
• Enable the investigation into breaches of privacy.

The Information and Privacy Commission website has an overview of NSW privacy legislation. 

The State Records Act governs the creation, management, destruction and protection of government records, and allows for public access to those records after a certain amount of time, depending on the type of information.  State Records NSW has an overview of the key obligations under the State Records Act. 

NSW agencies must retain records and information in accordance with the State Records Act 1998 (NSW) and any other legal and accountability requirements. Agencies should refer to applicable retention and disposal authorities. See State Records NSW's website for further information on retention and disposal authorities, and guidance on management of records, information and data.  

The NSW Cyber Security Policy outlines the mandatory requirements to which all NSW Government Departments and Public Service Agencies must adhere, to ensure cyber security risks to their information and systems are managed. 

The NSW Open Data Policy supports governments agencies to proactively release high quality usable data. 

This mandatory standard under the State Records Act establishes the key requirements for effective information management (which includes data management) that apply to all NSW public offices.