Specialised training

Recommended for: anyone working in NSW Government involved in the collection, use or management of records containing personal or health information.

No prior knowledge of the information protection principles and the health privacy principles is assumed.

Course outline

This course provides an overview of the privacy obligations all NSW government agencies must follow, and consequences of non-compliance.

The course will cover the following topics:

• statutory definition of ‘personal information’ and ‘health information’
• information protection principles and health privacy principles that address the collection, use, disclosure, access, amendment, retention and security of personal and health information
• practical legal consequences of breaching an agency’s privacy obligations
• an agency’s obligations under the Mandatory Notification of Data Breaches scheme
• key privacy governance documents promoting compliance (including privacy management plans).

Learning outcomes

On completion of this course, participants will:

• understand the data handling principles that apply to ‘public sector agencies’ and ‘organisations’ under NSW privacy legislation in relation to personal and health information
• understand the obligations imposed by the Mandatory Notification of Data Breaches scheme
• recognise practical legal consequences of breaching statutory privacy obligations.

Recommended for: anyone working in NSW Government seeking to develop a deeper understanding of NSW privacy law.

The course assumes participants have a basic knowledge of the information protection principles and the health privacy principles.

Course outline

This course provides a deeper understanding of NSW privacy law, and will cover the following topics:

• the interaction between the Government Information (Public Access) Act 2009, the Privacy and Personal Information Protection Act 1998 and the Health Records and Information Privacy Act 2002
• exemptions to the applications of the information protection principles and the health privacy principles
• other legal mechanisms that can be sought by an agency to avoid breaching the information protection principles and the health privacy principles
• issues surrounding when conduct should be attributed to a ‘public sector agency’
• privacy issues surrounding agency projects, activities or initiatives involving another agency’s information.

Learning outcomes

On completion of this course, participants will:

• recognise exemptions and exceptions to information protection principles and the health privacy principles and where to find them
• understand legal measures to seek to avoid breaching the information protection principles and health privacy principles
• recognise key privacy issues impacting projects or activities between agencies or for agencies.

Recommended for: anyone working in NSW Government who may be directed to deal with an application for internal review under the NSW privacy legislation.

The course assumes participants have a basic knowledge of the information protection principles and the health privacy principles.

Course outline

This course provides practical guidance to those directed to deal with an application for internal review under s. 53 of the Privacy and Personal Information Protection Act 1998.

The course will cover the following topics:

• determining when a privacy complaint constitutes a valid internal review application
• setting the scope of the internal review to be conducted
• conducting the fact-finding investigation of the internal review
• what the reasons for the internal review should address
• dealing with querulant applicants
• setting the timeframes for the internal review process.

Learning outcomes

On completion of this course, participants will:

• understand good practice and the strategies to employ in conducting an internal review
• recognise some of the common pitfalls in responding to internal review applications and how to avoid them.

Recommended for: NSW Government employees who require an understanding of the GIPA Act and the implications of working under the Act.

It is assumed participants have limited or no experience with the GIPA Act.

Course outline

This course will cover the following topics: 

• what kind of information is available under the GIPA Act, and how it can be accessed
• how to process an application for information
• consulting with third parties
• how to determine whether there is an ‘overriding public interest against disclosure’
• preparing decisions under the GIPA Act
• avenues for seeking review of agency decisions.

The course will engage participants through interactive presentations, group discussions, and case studies based on real problems encountered by government agencies.

Learning outcomes

On completion of this course, participants will understand:

• what the GIPA Act covers, and what government information may be accessed under the Act
• how to efficiently process formal and informal GIPA Act applications
• applicable fees and charges
• what constitutes an ‘overriding public interest against disclosure’ and how to apply the balancing test
• avenues of review or appeal of agency decisions.

Recommended for: those who have completed our Introduction to the GIPA Act course, and for those with some experience in applying the GIPA Act.

It is assumed participants have knowledge of the key concepts covered in the Introduction to the GIPA Act course.

Course outline

This course will cover the following topics:

• the application of the ‘overriding public interest against disclosure’ test in complex cases
• the operation of the conclusive presumption of an overriding public interest against disclosure
• the impact of the applicant’s identity and purpose in seeking information under the GIPA Act.

The course will engage participants through interactive presentations, group discussions, and case studies based on real problems encountered by government agencies.

Learning outcomes

On completion of this course, participants will understand:

• how to manage complex cases
• their obligations and compliance requirements under the GIPA Act.