Crown land managers (CLMs) may regularly deal with personal information about board members, employees and volunteers. You may also collect or hold information about visitors to the reserve, such as surf club members, rifle range users or caravan park guests.
As such, you need to be aware of your responsibilities under the Privacy & Personal Information Protection Act 1998 (PPIP Act), and how to deal with issues concerning your handling of private information.
Privacy obligations govern how you:
As a CLM, you will be mostly concerned with the personal information of individuals and its:
Gathering images through surveillance for security purposes may also be an issue for some CLMs.
An individual may complain if they feel you have misused their personal information or breached their privacy.
Personal information is essentially any information or opinions about a person where that person’s identity is apparent or can be fairly easily worked out. Personal information can include a person’s name, address, family life, sexual preferences, financial information, fingerprints and photos.
There are some kinds of information that are not considered personal information, for example information about someone who has been dead for more than 30 years, information about someone that is contained in a publicly available publication, or information or an opinion about a person’s suitability for employment as a public sector official. Health information is generally excluded because it is covered by the Health Records and Information Privacy Act 2002.
You need to comply with the PPIP Act’s information protection principles which describe what CLMs must do when collecting, storing, using and disclosing personal information.
In essence, you should collect only the information you need and make sure it is stored securely and only for as long as it's needed. You should also ensure the person involved: understands what information you’re collecting; consents to you collecting the information; understands why you’re collecting it and who (if anyone) it will be shared with.
Collection of personal information:
Storage:
Access:
Use:
Disclosure:
People have the right to seek an internal review under the PPIP Act if they think a CLM has breached the PPIP Act or Health Records and Information Privacy Act 2002 relating to their own personal information. People cannot seek an internal review for a breach of someone else’s privacy, unless they are authorised representatives of that other person.
People must apply for an internal review within six months of when they first become aware of the breach.
Under the PPIP Act, an application for internal review must:
If a CLM receives a request for internal review, you must immediately forward that request to the department.
A breach of privacy must be notified to the NSW Privacy Commissioner. This is done by the department's Director, Governance and Information Unit.
It makes sense to encourage people to try to resolve privacy issues informally before going through the formal review process, or to at least first discuss the matter with the department.
A person can also raise concerns by:
NSW Information and Privacy Commission
GPO Box 7011, Sydney. NSW 2001
Tel: 1800 472 679
E: ipcinfo@ipc.nsw.gov.au
Contact the department for more information.
This Crown land manager web resource was printed on 3 Oct 2023. The information contained in this web resource is based on knowledge and understanding at the time of writing Oct 2023. However, because of advances in knowledge, users are reminded of the need to ensure that the information upon which they rely is up to date and to check the currency of the information by referring to the website (www.reservemanager.nsw.gov.au).
© State of New South Wales through Department of Planning, Industry & Environment 2023.
Page link: https://reservemanager.crownland.nsw.gov.au/administration/privacy-and-personal-infomation