Understand key data legislation

In this section:

While your agency may have its own data and information requirements, here you'll find an overview of key data legislation that impacts the whole sector.

Data Sharing (Government Sector) Act 2015

This Act enables the sharing of data between government agencies, as well as the sharing of data with the Data Analytics Centre (DAC). The Data Sharing Act:

  • Encourages and facilitates data sharing
  • Outlines safeguards for sharing data
  • States that data sharing must be legally compliant
  • Ensures data involving personal information is protected
  • Allows the responsible Minister to direct agencies to provide data to the DAC in certain circumstances.

Government Information (Public Access) Act 2009

The Government Information (Public Access) Act 2009 (GIPA Act) facilitates public access to NSW Government information. It aims to:

  • Authorise and encourage the release of information by NSW Government agencies
  • Give members of the public the right to request access to government information
  • Ensure government information is only restricted when there is an overriding public interest against disclosing the information

The Information and Privacy Commission website gives an overview of the GIPA Act, and contains many resources to support public access to government information.

Health Records and Information Privacy Act 2002 (HRIP Act)

The HRIP Act protects health records and information. It aims to:

  • Promote the fair and responsible handling of citizens’ health information
  • Enable individuals to gain access to their health information
  • Enable individuals to submit a complaint regarding their health information privacy
  • Protect the privacy of individuals in the health system. 

The Information and Privacy Commission website has an overview of NSW privacy legislation.

Privacy and Personal Information Protection Act 1998 (PPIP Act)

The PPIP Act provides for the protection of personal information, and the protection of the privacy of individuals generally. All personal information that is made, kept or collected by government organisations must be created and managed in accordance with the Information Protection Principles under the PPIP Act. The Act aims to:

  • Protect personal information
  • Ensure government organisations manage and protect personal information
  • Enable the investigation into breaches of privacy

The Information and Privacy Commission website has an overview of NSW privacy legislation.

State Records Act 1998

The State Records Act governs the creation, management, destruction and protection of government records, and allows for public access to those records after thirty years. The State Archives and Records Authority has an overview of the key obligations under the State Records Act.

NSW Cyber Security Policy

The NSW Cyber Security Policy outlines the mandatory requirements to which all NSW Government Departments and Public Service Agencies must adhere, to ensure cyber security risks to their information and systems are managed.

Open Data Policy

The NSW Open Data Policy supports governments agencies to proactively release high quality usable data.

Standard on Records Management

This mandatory standard under the State Records Act establishes the key requirements for effective information management (which includes data management) that apply to all NSW public offices.


Last updated: 19 June 2019