This document provides an overview of privacy obligations for staff at the Department of Education. It discusses laws and guidelines around privacy including the Privacy and Personal Information Protection Act 1998, Government Information (Public Access) Act 2009, and Health Records and Information Privacy Act 2002. It defines personal and sensitive information and outlines rules for collecting, using, storing and disclosing personal data. Specific roles that commonly deal with personal information like data analysts, HR staff and administrators are discussed. Aggregate versus unit-level data and releasing information is also covered.
Schools, funding and performance: Lessons from the NSW National Partnerships. On November 18, Professor Stephen Lamb presented at a CESE Seminar on:
• Recent changes in school funding
• Evidence of impact of funding
• Evidence from evaluations of NSW low SES National Partnerships
• Conditions for ensuring success.
A look at how to launch an espionage thriller writer onto the global stage fro the ground up. Presented at Open Access Forum, selling your book in a digital age, at the NSW Writers' Centre.
What works best: Evidence-based practices to help improve NSW student perform...NSWCESE
‘What works best’ identifies brings together seven themes from the growing bank of evidence we have for what works to improve student educational outcomes
Schools, funding and performance: Lessons from the NSW National Partnerships. On November 18, Professor Stephen Lamb presented at a CESE Seminar on:
• Recent changes in school funding
• Evidence of impact of funding
• Evidence from evaluations of NSW low SES National Partnerships
• Conditions for ensuring success.
A look at how to launch an espionage thriller writer onto the global stage fro the ground up. Presented at Open Access Forum, selling your book in a digital age, at the NSW Writers' Centre.
What works best: Evidence-based practices to help improve NSW student perform...NSWCESE
‘What works best’ identifies brings together seven themes from the growing bank of evidence we have for what works to improve student educational outcomes
Implementation of Data Privacy and Security in an Online Student Health Recor...Kato Mivule
Kato Mivule, Stephen Otunba, Tattwamasi Tripathy, Sharad and Sharma, "Implementation of Data Privacy and Security in an Online Student Health Records System", Proceedings at the ISCA 21th Int Conf on Software Engineering and Data Engineering (SEDE-2012), Pages 143-148, Los Angeles, CA, USA
Each information is a set of new data about a fact or event, hitherto unknown by increasing the knowledge increment. In the field of education and knowledge, information is created, transmitted and received extremely dynamically. The paper describes the procedures for categorizing information sets according to the set security goals represented in the field of education, transferring levels of influence higher or lower than the default based on the magnitude of the damage caused by compromising information. Due to the fact that the level of influence of information is related to the activity of the Commissioner for Information of Public Importance, when analyzing the content, there is a compromise of different types of information.
Training innovations information governance slideshare 2015Patrick Doyle
What you will learn in this training:
Principles of Information Governance and their application to health and social care organisations
Accessing Information Governance resources including national legislation, guidance and local policies & procedures
Health and social care organisations’ responsibilities
Protection of an individual’s confidentiality and the Caldicott Principles
How to practice and promote a confidential service
Principles of ensuring and maintaining good client records
Recognising / responding to Freedom of Information requests
Keeping Information Secure
“Data localisation or data residency laws require data about a nations' citizens or residents be collected, processed, and/or stored inside the country, often before being transferred internationally, and usually transferred only after meeting local privacy or data protection laws, such as giving the user notice of how the information will be used and obtaining their consent.” - Wikipedia
The Student Data Privacy Manifesto begins a reasonable conversation among parents, education leaders, and technology providers on the future of student data privacy protection and transparency.
Introduction to US Privacy and Data Security: Regulations and RequirementsFinancial Poise
The United States has no federal data security or privacy law covering all businesses or all U.S. citizens. Instead, federal agencies and individual states have created their own patchwork of laws and regulations which must be evaluated for their application to a business.
This webinar will help you navigate the overlapping and sometimes confusing system of laws and regulations which may impact your business, ranging from emerging state-level privacy legislation to the numerous data breach notification statutes to cybersecurity regulations with extraterritorial effect.
Part of the webinar series: CYBERSECURITY & DATA PRIVACY 2022
See more at https://www.financialpoise.com/webinars/
Startups operating in the health IT sector have a legal obligation to safeguard health records in their custody and ensure that they are securely retained and transferred.
Complying with the industry privacy laws can be daunting. In many cases, it can pose a barrier to entry for startups.
Whether you are new to the sector or want to deepen your understanding of the laws, we can help. A question-and-answer period will follow the main presentation.
Implementation of Data Privacy and Security in an Online Student Health Recor...Kato Mivule
Kato Mivule, Stephen Otunba, Tattwamasi Tripathy, Sharad and Sharma, "Implementation of Data Privacy and Security in an Online Student Health Records System", Proceedings at the ISCA 21th Int Conf on Software Engineering and Data Engineering (SEDE-2012), Pages 143-148, Los Angeles, CA, USA
Each information is a set of new data about a fact or event, hitherto unknown by increasing the knowledge increment. In the field of education and knowledge, information is created, transmitted and received extremely dynamically. The paper describes the procedures for categorizing information sets according to the set security goals represented in the field of education, transferring levels of influence higher or lower than the default based on the magnitude of the damage caused by compromising information. Due to the fact that the level of influence of information is related to the activity of the Commissioner for Information of Public Importance, when analyzing the content, there is a compromise of different types of information.
Training innovations information governance slideshare 2015Patrick Doyle
What you will learn in this training:
Principles of Information Governance and their application to health and social care organisations
Accessing Information Governance resources including national legislation, guidance and local policies & procedures
Health and social care organisations’ responsibilities
Protection of an individual’s confidentiality and the Caldicott Principles
How to practice and promote a confidential service
Principles of ensuring and maintaining good client records
Recognising / responding to Freedom of Information requests
Keeping Information Secure
“Data localisation or data residency laws require data about a nations' citizens or residents be collected, processed, and/or stored inside the country, often before being transferred internationally, and usually transferred only after meeting local privacy or data protection laws, such as giving the user notice of how the information will be used and obtaining their consent.” - Wikipedia
The Student Data Privacy Manifesto begins a reasonable conversation among parents, education leaders, and technology providers on the future of student data privacy protection and transparency.
Introduction to US Privacy and Data Security: Regulations and RequirementsFinancial Poise
The United States has no federal data security or privacy law covering all businesses or all U.S. citizens. Instead, federal agencies and individual states have created their own patchwork of laws and regulations which must be evaluated for their application to a business.
This webinar will help you navigate the overlapping and sometimes confusing system of laws and regulations which may impact your business, ranging from emerging state-level privacy legislation to the numerous data breach notification statutes to cybersecurity regulations with extraterritorial effect.
Part of the webinar series: CYBERSECURITY & DATA PRIVACY 2022
See more at https://www.financialpoise.com/webinars/
Startups operating in the health IT sector have a legal obligation to safeguard health records in their custody and ensure that they are securely retained and transferred.
Complying with the industry privacy laws can be daunting. In many cases, it can pose a barrier to entry for startups.
Whether you are new to the sector or want to deepen your understanding of the laws, we can help. A question-and-answer period will follow the main presentation.
Falcon stands out as a top-tier P2P Invoice Discounting platform in India, bridging esteemed blue-chip companies and eager investors. Our goal is to transform the investment landscape in India by establishing a comprehensive destination for borrowers and investors with diverse profiles and needs, all while minimizing risk. What sets Falcon apart is the elimination of intermediaries such as commercial banks and depository institutions, allowing investors to enjoy higher yields.
"𝑩𝑬𝑮𝑼𝑵 𝑾𝑰𝑻𝑯 𝑻𝑱 𝑰𝑺 𝑯𝑨𝑳𝑭 𝑫𝑶𝑵𝑬"
𝐓𝐉 𝐂𝐨𝐦𝐬 (𝐓𝐉 𝐂𝐨𝐦𝐦𝐮𝐧𝐢𝐜𝐚𝐭𝐢𝐨𝐧𝐬) is a professional event agency that includes experts in the event-organizing market in Vietnam, Korea, and ASEAN countries. We provide unlimited types of events from Music concerts, Fan meetings, and Culture festivals to Corporate events, Internal company events, Golf tournaments, MICE events, and Exhibitions.
𝐓𝐉 𝐂𝐨𝐦𝐬 provides unlimited package services including such as Event organizing, Event planning, Event production, Manpower, PR marketing, Design 2D/3D, VIP protocols, Interpreter agency, etc.
Sports events - Golf competitions/billiards competitions/company sports events: dynamic and challenging
⭐ 𝐅𝐞𝐚𝐭𝐮𝐫𝐞𝐝 𝐩𝐫𝐨𝐣𝐞𝐜𝐭𝐬:
➢ 2024 BAEKHYUN [Lonsdaleite] IN HO CHI MINH
➢ SUPER JUNIOR-L.S.S. THE SHOW : Th3ee Guys in HO CHI MINH
➢FreenBecky 1st Fan Meeting in Vietnam
➢CHILDREN ART EXHIBITION 2024: BEYOND BARRIERS
➢ WOW K-Music Festival 2023
➢ Winner [CROSS] Tour in HCM
➢ Super Show 9 in HCM with Super Junior
➢ HCMC - Gyeongsangbuk-do Culture and Tourism Festival
➢ Korean Vietnam Partnership - Fair with LG
➢ Korean President visits Samsung Electronics R&D Center
➢ Vietnam Food Expo with Lotte Wellfood
"𝐄𝐯𝐞𝐫𝐲 𝐞𝐯𝐞𝐧𝐭 𝐢𝐬 𝐚 𝐬𝐭𝐨𝐫𝐲, 𝐚 𝐬𝐩𝐞𝐜𝐢𝐚𝐥 𝐣𝐨𝐮𝐫𝐧𝐞𝐲. 𝐖𝐞 𝐚𝐥𝐰𝐚𝐲𝐬 𝐛𝐞𝐥𝐢𝐞𝐯𝐞 𝐭𝐡𝐚𝐭 𝐬𝐡𝐨𝐫𝐭𝐥𝐲 𝐲𝐨𝐮 𝐰𝐢𝐥𝐥 𝐛𝐞 𝐚 𝐩𝐚𝐫𝐭 𝐨𝐟 𝐨𝐮𝐫 𝐬𝐭𝐨𝐫𝐢𝐞𝐬."
LA HUG - Video Testimonials with Chynna Morgan - June 2024Lital Barkan
Have you ever heard that user-generated content or video testimonials can take your brand to the next level? We will explore how you can effectively use video testimonials to leverage and boost your sales, content strategy, and increase your CRM data.🤯
We will dig deeper into:
1. How to capture video testimonials that convert from your audience 🎥
2. How to leverage your testimonials to boost your sales 💲
3. How you can capture more CRM data to understand your audience better through video testimonials. 📊
What is the TDS Return Filing Due Date for FY 2024-25.pdfseoforlegalpillers
It is crucial for the taxpayers to understand about the TDS Return Filing Due Date, so that they can fulfill your TDS obligations efficiently. Taxpayers can avoid penalties by sticking to the deadlines and by accurate filing of TDS. Timely filing of TDS will make sure about the availability of tax credits. You can also seek the professional guidance of experts like Legal Pillers for timely filing of the TDS Return.
Enterprise Excellence is Inclusive Excellence.pdfKaiNexus
Enterprise excellence and inclusive excellence are closely linked, and real-world challenges have shown that both are essential to the success of any organization. To achieve enterprise excellence, organizations must focus on improving their operations and processes while creating an inclusive environment that engages everyone. In this interactive session, the facilitator will highlight commonly established business practices and how they limit our ability to engage everyone every day. More importantly, though, participants will likely gain increased awareness of what we can do differently to maximize enterprise excellence through deliberate inclusion.
What is Enterprise Excellence?
Enterprise Excellence is a holistic approach that's aimed at achieving world-class performance across all aspects of the organization.
What might I learn?
A way to engage all in creating Inclusive Excellence. Lessons from the US military and their parallels to the story of Harry Potter. How belt systems and CI teams can destroy inclusive practices. How leadership language invites people to the party. There are three things leaders can do to engage everyone every day: maximizing psychological safety to create environments where folks learn, contribute, and challenge the status quo.
Who might benefit? Anyone and everyone leading folks from the shop floor to top floor.
Dr. William Harvey is a seasoned Operations Leader with extensive experience in chemical processing, manufacturing, and operations management. At Michelman, he currently oversees multiple sites, leading teams in strategic planning and coaching/practicing continuous improvement. William is set to start his eighth year of teaching at the University of Cincinnati where he teaches marketing, finance, and management. William holds various certifications in change management, quality, leadership, operational excellence, team building, and DiSC, among others.
Unveiling the Secrets How Does Generative AI Work.pdfSam H
At its core, generative artificial intelligence relies on the concept of generative models, which serve as engines that churn out entirely new data resembling their training data. It is like a sculptor who has studied so many forms found in nature and then uses this knowledge to create sculptures from his imagination that have never been seen before anywhere else. If taken to cyberspace, gans work almost the same way.
Putting the SPARK into Virtual Training.pptxCynthia Clay
This 60-minute webinar, sponsored by Adobe, was delivered for the Training Mag Network. It explored the five elements of SPARK: Storytelling, Purpose, Action, Relationships, and Kudos. Knowing how to tell a well-structured story is key to building long-term memory. Stating a clear purpose that doesn't take away from the discovery learning process is critical. Ensuring that people move from theory to practical application is imperative. Creating strong social learning is the key to commitment and engagement. Validating and affirming participants' comments is the way to create a positive learning environment.
Implicitly or explicitly all competing businesses employ a strategy to select a mix
of marketing resources. Formulating such competitive strategies fundamentally
involves recognizing relationships between elements of the marketing mix (e.g.,
price and product quality), as well as assessing competitive and market conditions
(i.e., industry structure in the language of economics).
Affordable Stationery Printing Services in Jaipur | Navpack n PrintNavpack & Print
Looking for professional printing services in Jaipur? Navpack n Print offers high-quality and affordable stationery printing for all your business needs. Stand out with custom stationery designs and fast turnaround times. Contact us today for a quote!
VAT Registration Outlined In UAE: Benefits and Requirementsuae taxgpt
Vat Registration is a legal obligation for businesses meeting the threshold requirement, helping companies avoid fines and ramifications. Contact now!
https://viralsocialtrends.com/vat-registration-outlined-in-uae/
Improving profitability for small businessBen Wann
In this comprehensive presentation, we will explore strategies and practical tips for enhancing profitability in small businesses. Tailored to meet the unique challenges faced by small enterprises, this session covers various aspects that directly impact the bottom line. Attendees will learn how to optimize operational efficiency, manage expenses, and increase revenue through innovative marketing and customer engagement techniques.
Business Valuation Principles for EntrepreneursBen Wann
This insightful presentation is designed to equip entrepreneurs with the essential knowledge and tools needed to accurately value their businesses. Understanding business valuation is crucial for making informed decisions, whether you're seeking investment, planning to sell, or simply want to gauge your company's worth.
2. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU
Understanding privacy obligations is important for all staff
The Department of
Education collects and
manages a vast amount
of information, much of it
personal information
about its staff, students
and parents. As an
employee, it is vital that
you understand how to
work with this
information.
2
3. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU
Which laws, regulations and guidelines set out Information
Access and Privacy protocols?
3
Privacy and
Personal
Information
Protection Act
1998 (PPIP)
Government
Information
(Public Access)
Act 2009 (GIPA)
Health Records
and Information
Privacy Act
2002 (HRIP)
GIPA Act
Regulations
Agency Privacy
Management
Plans (PMP)
Privacy codes of
practice
Commissioner’s
guidelines
4. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU
What is personal information?
4
Personal information is
information or an opinion
about an individual.
The individual’s identity
needs to be apparent or
reasonably ascertainable.
5. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU
Sensitive and Health Information are types of personal
information that require extra protection
5
Sensitive Information
“Ethnic or racial origin, political
opinions, religious or philosophical
beliefs, ATSI status, country of birth,
LBOTE and chosen/preferred SRE
class”
(s.19(1) PPIP Act)
PPIPA
Privacy and Personal Information
Protection Act 1998
Health Information
Information about an individual’s
health, disability or health services
(s.6 HRIP Act)
HRIPA
Health Records and Information Protection
Act 2002
Note: The extra protection categories do not mean that these types of personal information can never be
collected, used or disclosed. They just have tougher rules, so extra care is needed with these categories.
6. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU
Collecting personal information is regulated by rules known as
Privacy Principles
6
The information must:
1) Fulfil a lawful purpose
2) Be relevant
3) Be accurate
It must not:
1) Be excessive
2) Be intrusive to an unreasonable
extent on the personal affairs of the
subject
EXAMPLE
Enrolment data, such as names,
addresses, medical information, etc. is
clearly authorised by the Department’s
governing and other legislation for the
purpose of operating schools effectively
and safely.
7. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU
Personal information should only be used for the primary
purpose for which it was collected, unless:
7
The person has
consented
Where authorised
or required by
another law
It is for a directly
related secondary
purpose within
their reasonable
expectations
To deal with a
serious and
imminent threat to
any person
8. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU
Questions we must ask when collecting and using personal
information include:
8
Is it reasonably necessary to
include this particular data?
If the Department received a
complaint about breaching
privacy, could we reasonably
argue that the use or disclosure
was necessary for us to do our
core business?
Is this data ‘directly related’
to my work?
9. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU
Any information collected by the Department can only be
used for limited purposes
9
Operational (School-level)
• Allocation of classes
• Determining demand for special religious
education classes
• Arranging for interpreters when needed
for parent teacher interviews
• Managing students with safety risks
e.g. allergies
Strategic (Departmental-level)
• The calculation of the family occupation
and education index (FOEI) for each
school.
• The allocation of resources for each
school.
For example: Enrolment data is collected for a primary purpose, which is to
enrol a student. However, there are a range of directly related secondary
purposes for which that data can be used, such as:
10. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU
When collecting data, it is important that we tell people
how we will use their information
10
• General student administration
relating to the education and
welfare of the student.
• Communication with students
and parents or carers.
• To ensure health, safety and
welfare of students, staff and
visitors to the school.
• State and National Reporting
purposes.
11. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU 11
It allows staff to be aware of what data we have.
The Business Unit knows who to go to for help or access to
certain information.
The privacy status for the dataset is made explicit.
It identifies whether general release to the public is allowed (at
an aggregated level, for instance).
The Department’s Information Asset Register tells us what
data we have and how we are protecting it
12. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU
Some roles are more likely to deal with personal information
on a daily basis
12
Data Analysts
People and Services Staff
Hiring Managers
13. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU
Another role who may come across personal information is an
Administration Support Officer
13
When dealing with data I must
follow the appropriate steps:
• Only use data relevant to my
task (e.g. email addresses
rather than survey responses).
• Ensure I only use data for the
purpose for which it was
collected.
• Make sure the data isn’t saved
somewhere where it can be
accessed by anyone outside the
team responsible for it.
14. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU
Recruitment also requires us to work carefully with personal
information
14
A reminder: Do not put confidential or personal documents in the recycle box. It must be shredded first.
.
After receiving applicants’
resumes and identification
documents we:
• Must secure personal
information – lock these away.
• Should dispose of them by
shredding them once the
recruitment process is finished.
• Must not disclose any personal
information about the
candidates to other people
who are not part of the
recruitment process.
15. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU
The GIPA Act establishes a
proactive, more open
approach to gaining access
to government
information in NSW. This is
to ensure Government is
open, accountable, fair
and effective.
As part of The Government Information (Public Access) Act
2009 there is a presumption that data can be made readily
available if needed
15
http://www.ipc.nsw.gov.au/gipa-act
Data released under
GIPA is still subject to a
privacy test.
The GIPA Act
• Authorises and encourages the proactive release of
information by NSW public sectors.
• Gives members of the public a legally enforceable
right to access government information.
• Ensures that access to government information is
restricted only when there is an overriding public
interest against release.
16. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU
Bradley Cooper’s taxi ride: a lesson in privacy risk.
16
http://www.salingerprivacy.com.au/2015/04/19/bradley-coopers-taxi-ride-a-lesson-in-privacy-risk/
• Salinger Privacy produced
an article on privacy risks
and ‘open data’.
• Bradley Cooper’s taxi ride
is a useful reminder of the
risks of re-identification of
data.
17. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU 17
We can disclose personal information outside the
Department if:
It is authorised or
required by another
law.
It is under another
exemption, such as law
enforcement, research,
etc.
The information is not
“sensitive information”
(ethnicity, religion, etc),
and disclosure is for the
primary purpose for
which it was collected.
We have the consent of
the individual.
18. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU
We can disclose personal information outside the Department
18
When it is: Sensitive info Health info Other personal info
with their consent
for the purpose for
which it was collected
for a directly related
secondary purpose
(within expectations)
for the purpose you
notified them about
authorised or required
by another law, or
another exemption
19. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU
AGGREGATE DATA
• Aggregate data: summary
information, for example, data on
schools in remote areas, broken
down by school year, gender and
Indigenous status.
• Even with aggregate data, there is a
risk that individual students or
teachers could be identified from
the data. Safeguards must be
applied in such cases, with
strategies to ‘anonymise’ the data.
19
UNIT RECORD DATA
• Unit Record data: about a unique
individual contains details that
allows an individual to be
identified, such as names, or a
Student Registration Number.
Types of data we deal with:
20. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU
How the data we deal with can be released:
20
AGGREGATE DATA
• Aggregate data is released on the
basis that:
1. No information that permits the
identification of individuals is
released
2. Data released is valid and reliable
3. It is of high quality
UNIT RECORD DATA
• Unit record data may only be
released on the basis that it:
1. Complies with privacy principles
that says we can disclose personal
information.
21. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU
More information or assistance
Personal Information and Privacy Protection Act 1998 (PIPPA)
http://www.legislation.nsw.gov.au/inforcepdf/1998-133.pdf?id=1db809e7-46ab-44c1-bce5-d12f0058a002
Health Records and Information Privacy Act 2002 (HRIPA)
http://www.austlii.edu.au/au/legis/nsw/consol_act/hraipa2002370/
Department of Education Privacy Management Plan
https://www.det.nsw.edu.au/media/downloads/reports_stats/privacy/privacy-management-plan-march-2014.pdf
Department of Education Privacy Code of Practice
http://www.dec.nsw.gov.au/documents/15060385/15385042/Privacy_code.pdf
Department of Education Privacy & Information Access Resources
Information Access - https://detwww.det.nsw.edu.au/lists/directoratesaz/legalservices/foi/index.htm (see also link to website)
Privacy - https://detwww.det.nsw.edu.au/lists/directoratesaz/legalservices/ls/privacy/index.htm
http://www.dec.nsw.gov.au/about-us/plans-reports-and-statistics/privacy
Privacy Bulletin - https://detwww.det.nsw.edu.au/media/downloads/directoratesaz/legalservices/ls/privacy/bulletins/bulletin3.pdf
Government Information (Public Access) Act 2009 (GIPAA)
http://www.legislation.nsw.gov.au/maintop/view/inforce/act+52+2009+cd+0+N
21