A NSW Government website

Sensitive information

The NSW Government collects, stores and manages sensitive information as a part of normal business processes. Sensitive information includes:

  • personal information
  • health information
  • information which could be subject to legal privilege
  • commercial-in-confidence information
  • law enforcement information
  • NSW Cabinet information
  • National Cabinet information

Examples of sensitive information are an individual’s personal details, credit information, medical records, driver’s licence information, criminal records, biometric information, and other personal details.

Compromise of this information’s confidentiality may result in limited damage to an individual, organisation or government generally and requires additional care in handling. It could result in fraudulent use of an individual’s personal information, financial loss to the agency or the individuals affected, or reputational damage and loss of public trust in the agency responsible for the safekeeping of the information.

Collection, storage, use and disposal of different types of sensitive information is governed by different legislation and requires different access and dissemination rules. To make these differences clear, NSW Government uses dissemination limiting markers (DLMs) that must be applied to sensitive information. Most DLMs can be used on their own, or in conjunction with a security classification.

NATIONAL CABINET is not a DLM. It is a caveat and can be applied to information with a DLM or a Security Classification. For further information on caveats, see Caveats and accountable material.

DLMs Figure 1

 

Labelling sensitive information

In NSW, sensitive information must be labelled with a DLM. This label helps the user of the information understand why the information is sensitive and what the limitations on dissemination are. 

The Australian Government uses the OFFICIAL: Sensitive label for information which, if compromised, would cause limited damage to the national interest, organisations, or individuals. This information is not security classified but it does need protection and limitation of access to those who need to know. 

The OFFICIAL: Sensitive label will be applied by the Australian Government, and other states and territories. The NSW Government will not apply this label to its information because the six DLMs used in NSW with the OFFICIAL: Sensitive prefix allow for the specificity required in NSW. This means that information labelled OFFICIAL: Sensitive will be deemed to have originated from outside of NSW Government. See Figure 4 for a summary.

Figure 4: OFFICIAL: Sensitive information with DLMs

Applying text-based DLM labels with a prefix of OFFICIAL: Sensitive to documents (including emails):
It is recommended that text markings be in capitals, bold text, large fonts and distinctive colours (red preferred) and located at the centre top and centre bottom of each page. If text-based markings cannot be used, use colour-based markings. For NSW DLMs a yellow colour is recommended. If text or colour-based protective markings cannot be used, apply the agency’s marking scheme. 

If marking paragraphs, abbreviations can be used. The Australian Government DLM OFFICIAL: Sensitive can be abbreviated to (O:S).

Hard copy and electronic records:
The label on a file cover or container must be at least equal to the label on the most sensitive item within the file or container. Labels need to be shown on all types of documents, reports and media.

Electronic and other documents should include their sensitivity label in their metadata.

Digital and data:
Sensitivity and security labelling of digital information should be applied and communicated to the users of the systems. Sensitivity labelling can be shown in metadata fields within programs, in data dictionaries and system documentation.

Some systems may not have the functionality to include sensitivity or security classification labelling. In this case, an induction or communication program should be run with staff using the system, including third party users, to ensure they understand the sensitivity of the information they have access to.

Table 2 describes how to apply the NSW DLMs and the NATIONAL CABINET caveat, and the legislation which underpins each label.

Table 2: Applying NSW DLMs and the NATIONAL CABINET caveat

 
Columns: Label | When to apply the label | Legislation or policy underpinning the label

OFFICIAL: Sensitive

(This is an Australian Government DLM)

The Australian Government and other Australian states and territories may send information with this label. NSW agencies should not re-label information received from the Australian Government and other Australian states or territories.  

This label is not applied to NSW information.  

NSW Government will label information with NSW DLMs as described below. 

Legislation or policy: Protective Security Policy Framework

NATIONAL CABINET

(This is a Caveat, not a DLM)

This label is a caveat, not a DLM. It should be used for National Cabinet documents, which include: 

  • official records of National Cabinet, such as National Cabinet submissions, National Cabinet agendas and National Cabinet minutes;
  • documents prepared for the dominant purpose of being submitted to National Cabinet for consideration and/or approval; 
  • documents that might reveal information concerning National Cabinet deliberations or decisions, such as correspondence, analyses and briefings relating to those deliberations or decisions;
  • documents that might reveal the position that a particular member of National Cabinet has taken, is taking, will take, is considering taking, or has been recommended to take, on a matter in National Cabinet, such as correspondence, analyses and briefings relating to a member’s position on a National Cabinet matter;
  • drafts/copies/extracts of one of the above documents.

It should be used in conjunction with a DLM or security classification.

If used with a DLM, include the DLM as the prefix, e.g. OFFICIAL: Sensitive – Personal//NATIONAL CABINET.

Note: Some email systems may not enable the use of multiple labels. In these cases, use the label OFFICIAL: Sensitive – NATIONAL CABINET.

If used with a security classification, see Labelling of security classified information and Caveats and accountable material.

Legislation or policy:

  • Protective Security Policy Framework
  • The Australian Government Cabinet Handbook

OFFICIAL: Sensitive – NSW Cabinet

This should be used for NSW Cabinet documents, which are documents that, by their disclosure, would directly or indirectly reveal the deliberations of Cabinet (including a committee or subcommittee of Cabinet). These include:

  • official records of Cabinet, such as Cabinet submissions, Cabinet agendas and Cabinet decisions;
  • documents prepared for the dominant purpose of being submitted to Cabinet for consideration and/or approval, such as reports, plans, government responses, business cases etc. Cabinet submissions also fall within this category; 
  • documents that might reveal information concerning Cabinet deliberations or decisions, such as correspondence, analyses and briefings to Ministers relating to those deliberations or decisions;
  • documents that might reveal the position that a particular Minister has taken, is taking, will take, is considering taking, or has been recommended to take, on a matter in Cabinet, such as correspondence, analyses and briefings to Ministers relating to a Minister’s position on a Cabinet matter; or
  • drafts/copies/extracts of one of the above documents.

Legislation or policy:

  • Cabinet Conventions: NSW Practice
  • Government Information (Public Access) Act 2009 - Schedule 1 contains information about overriding secrecy laws which apply to NSW Cabinet information.

OFFICIAL: Sensitive – Personal

This should be used for documents that contain information or an opinion about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion. Examples may include:

  • personal contact details and addresses;
  • date of birth and driver’s licence information;
  • a person’s signature;
  • recruitment, performance management, training records and evaluation reports;
  • payroll, attendance and leave records;
  • workers compensation records; or
  • records containing sensitive information about an individual, including information relating to an individual’s sexual orientation, ethnicity, religion or political opinions.

Legislation or policy: Privacy and Personal Information Protection Act 1998 No 133

OFFICIAL: Sensitive – Health Information

This should be used for documents that contain health-related personal information. This means personal information:

  • about the physical or mental health or a disability of an individual;
  • about an individual’s express wishes about the future provision of health services to them;
  • about a health service provided, or to be provided, to an individual; 
  • collected to provide, or in providing, a health service;
  • collected in connection with organ donation; 
  • that is genetic information about an individual arising from a health service provided to the individual; or
  • healthcare identifiers.

Legislation or policy:

  • Health Records and Information Privacy Act 2002 No 71
  • NSW Health Privacy Manual for Health Information
  • Health Records and Information Privacy Regulation 2017

OFFICIAL: Sensitive – Legal

This should be used for documents that contain information subject to legal professional privilege. This includes confidential communications and/or confidential documents made or prepared for the dominant purpose of a lawyer providing legal advice to a client, or providing professional legal services relating to current, pending or anticipated litigation.

Legislation or policy:

  • Legal Profession Uniform Law (NSW) No 16a
  • Legal Profession Uniform Law Application Act 2014 No 16
  • Evidence Act 1995 No 25

OFFICIAL: Sensitive – NSW Government

This should be used for documents that contain information that, if disclosed, could cause damage to an individual, organisation or government in general. Examples may include where disclosure of that information could:

  • endanger individuals and/or private entities;
  • lead to financial loss to the agency or the individual; or
  • cause reputational damage and loss of public trust in the agency or government.
 

OFFICIAL: Sensitive – Law Enforcement

This should be used for documents prepared in relation to the law enforcement functions of agencies, including investigative agencies and agencies with legislated compliance and enforcement responsibilities.

See OFFICIAL: Sensitive – Law Enforcement DLM (below) for more detail.

Legislation or policy: Law Enforcement (Powers and Responsibilities) Act 2002 No 103

There are many pieces of legislation in NSW which contain additional legislative restrictions to the provision of access to information through secrecy clauses, dissemination limiting clauses for law enforcement or investigative purposes. Use this label for these.

OFFICIAL: Sensitive – Law Enforcement DLM

The purpose of the OFFICIAL: Sensitive – Law Enforcement DLM is to enable law enforcement agencies, investigative agencies and agencies with legislated compliance and enforcement responsibilities, to more easily understand the information they are handling, to enable sharing of information between agencies, and to have common handling procedures.

 

DLMs Figure 3

 

The OFFICIAL: Sensitive – Law Enforcement DLM should only be used by law enforcement agencies, investigative agencies or agencies with legislated compliance and enforcement responsibilities, for law enforcement purposes and for information that needs to remain strictly confidential.

Information compiled for law enforcement purposes is often complex and may contain personal, health and law enforcement activity information. This information is important and should be afforded appropriate security in order to protect enforcement proceedings, the right of a person to a fair trial, policing and community safety practices, proprietary information or to protect a confidential source.

Information with a NSW DLM of OFFICIAL: Sensitive – Law Enforcement which is provided to another agency for law enforcement purposes is not to be released by that agency to a third party without the written approval of the law enforcement agency that created the information. This includes information sought through various freedom of information legislation or court subpoenas. It is best practice for agencies who use this label on documents (physical or digital), to include information about which agency the information originates from. 

The information that may fall under these activities includes:

  • multi-jurisdictional operational law enforcement activity
  • policies and guidelines for law enforcement investigations when disclosure of the information could be reasonably expected to risk circumvention of the law, or jeopardise the life or physical security of any individual, including the lives and safety of law enforcement personnel
  • law enforcement training information.

The use and dissemination of law enforcement information is strictly regulated, and it may constitute a criminal offence to use or release it for any purpose that is not authorised by the Acts. Where personal or health information is being transferred as part of a law enforcement operation, it is also necessary to comply with the requirements of the appropriate state privacy legislation.

OFFICIAL: Sensitive – Legal and OFFICIAL: Sensitive – Law Enforcement DLMs should not be confused. OFFICIAL: Sensitive – Legal should be used to protect legal professional privilege under the advice of legal professionals.

Determining which OFFICIAL: Sensitive NSW DLM to apply

Figure 5 outlines a simple decision-making process that NSW Government agencies can use to determine which NSW DLM can be applied to information of a sensitive nature.

Figure 5: Decision making tool for NSW DLMs

 

Why do I have to label?

Applying labels (protective markings) to security classified or sensitive information indicates that the information requires protection and dictates the level of protection required. Protective markings help control and prevent compromise of information as they are an easily recognisable way for information users (visually) and systems (such as an entity’s email gateway) to identify the level of protection the information requires. The labels describe why the dissemination of the information is limited.

Creating new DLMs

Agencies are not to create their own DLMs, security classifications or caveats. 

What if my information falls under two labels? 

Two labels are not required; the decision-making tool (Figure 5) has been designed to help determine which label to use. Most health information contains information about health as well as personal information and this should be labelled as OFFICIAL: Sensitive – Health Information.

In a situation where a document has multiple types of information, or information that fits more than one DLM or security classification, the document must be labelled and/or classified as per the information of the highest level of sensitivity within that document.

Who applies the label?

The person responsible for preparing the information is responsible for assessing the information and labelling it according to these guidelines. 

NSW agencies are likely to manage sensitive information that has historically not been labelled. Sensitive information in use must be labelled. NSW agencies need to plan how to implement labelling across their organisation based on risk and importance of the information; for example, more sensitive or confidential information should be labelled first.

Agencies are to advise all staff, including contractors, on the proper use of the Information Classification, Labelling and Handling Guidelines. Agencies that are likely to handle sensitive information should have standard operating procedures to assist staff in labelling.

When are the labels applied?

Labels should be applied when:

  • the information is created. The originator is required to assess the consequences or damage from unauthorised compromise or misuse of the information. If adverse consequences from compromise of confidentiality could occur or the agency is legally required to protect the information, the information must be labelled.
  • information is received from external sources. Information that is not already labelled should be assessed upon receipt and labelled according to its sensitivity or security requirements. Security classified information which is received from another government agency should be handled in accordance with these guidelines and the Protective Security Policy Framework (PSPF) as appropriate. Re-labelling of information received from another government agency is not necessary unless information has been added, edited or removed and its sensitivity or security classification has changed. This re-labelling should be done in consultation with that agency.

Agencies are not required to label UNOFFICIAL or OFFICIAL information. By default, unlabelled information will be handled as OFFICIAL. Agencies may determine their own policy for labelling OFFICIAL material, according to their operating requirements.

For Official Use Only

A NSW agency sending sensitive information to another government agency must label the information with a DLM so that the receiving agency will understand the sensitivity of the information.

The originator must ensure that information is classified and labelled prior to any use or sharing of the information. Information custodians are to provide appropriate classification and handling guidance to any third-party requiring access to the information.

If you receive a document or record that is already labelled, the document or record needs to be handled according to this label. Re-labelling of documents is not required unless it is obvious that the document contains sensitive or confidential information that may be at risk of exposure. If a decision to re-label is made, contact the originator of the information, if possible, to inform them of the need to amend the label.

Where should the label be applied?

Once you have assessed the information and determined that it needs a DLM, you now need to apply these labels to the information. DLMs can be applied to information in any format and medium. This includes paper or digital. 

The labels need to be at the top and bottom centre of the documents, presentations, maps, media, so they are visually prominent. Examples have been provided below.

Email – As best practice, emails should be marked in the subject line as well as at the top and bottom of the message. This will help ensure that information is flagged clearly for the recipient. Email labelling is required for sensitive information and above.

Figure 6: Example email with labels at the top and bottom of the email

The Australian Government has developed an email protective marking standard for Australian government agencies to follow. This standard has been applied to the example in Figure 6.

Some email systems may not enable the use of multiple labels. If the information relates to National Cabinet, then use the label OFFICIAL: Sensitive – NATIONAL CABINET. 


Documents – agencies are to insert a label in the header and footer of each document (see Figure 7 below).

Metadata – Sensitivity and security classifications should be included in the metadata about digital records or data; this ensures that the information about the sensitivity and security classifications is obvious and persistent. Labelling can be applied at field level using metadata depending upon the application. Sensitivity and security classified labels should be added to data catalogues.

Figure 7: Example documents labelled in the header and footer

I think the label is wrong - what do I do?

The originator of the information is responsible for labelling the document and changing these labels. If the document appears to be labelled incorrectly the originator needs to be contacted and the information re-labelled. If the originator is not known, the information needs to be assessed using the business impact levels tool and labelled accordingly. 

What if the information's sensitivity changes over time?

Sensitivity of information can change over time and will need to be reassessed and labelled accordingly, particularly digital records and datasets. Agency datasets which are populated by free text fields through internet applications need to be monitored frequently and labelled according to the type of information provided. 

The originator and data custodian must monitor information sensitivity over time. Associated dynamic information products, data analytics and third-party applications will also need to update the labels if changed. 

Sensitivity of information can change over time. For example, a document may be sensitive until it is published but not afterwards.  

Do I have to update the existing labels in my agency?

These labelling guidelines are not retrospective. If information is not being used, the original labels can be kept. If the information is in use, it is expected that this information will be relabelled with new labels. A risk management approach should be taken with this process, with the higher risk or more sensitive information being relabelled first.

Receiving Australian Government information

The Commonwealth requires that NSW Government agencies receiving Australian Government sensitive and security classified information comply with the procedures set out in the PSPF regarding the application, removal, transfer, receipt and destruction of that information. Refer to PSPF Policy 8 Sensitive and security classified information for more information.

PSPF Policy 9 Access to information establishes the level of security clearance required to access sensitive and security classified information. For further guidance on obtaining personnel security clearances, see PSPF Policy 12 Eligibility and suitability of personnel and your agency’s Security Clearance Officer.

It is the responsibility of the information sender to ensure that security classified documents are protected appropriately. Recipient agencies are responsible for determining their obligations to protect the information according to the confidentiality requirements of the protective markings.

 

Last updated 01 Dec 2021