Related policies and legislation

This section includes information about policies and legislation that are related to this Privacy Management Plan.

Related legislation

• Government Information (Public Access) Act 2009 (NSW)
  The operation of GIPA is not affected by the operation of PPIPA and HRIPA. Note that GIPA may provide access to various documents held by DCS to any person, but subject to the operation of various exemptions in the GIPA Act. PPIPA and HRIPA generally only allow access to information your own personal information. 

• State Records Act 1998 (NSW)
  DCS is required to comply with the NSW State Records Act 1998 and the associated Standard on Records Management issued by the State Archives & Records Authority of NSW. Those requirements provide overall guidance on the practical requirements for effective records and information management including retention periods and disposal of records and should be considered in conjunction with the NSW Privacy Laws. 
• Privacy and Personal Information Protection Regulation 2019 
• Health Records and Information Privacy Regulation 2022 
• Public Interest Disclosures Act 2022  
• ID Support NSW Privacy Code of Practice (Identity remediation services) 
• Privacy Act 1988 (Cth) 

Related policies

DCS has developed the following policy documents to ensure compliance with the privacy legislation: 

• DCS Privacy Management Framework: this framework is a direction for DCS employees on how the principles and aims of the DCS PMP are embedded in the agency’s integrated policies, operating plans business processes and work practices.  
• DCS Data Privacy Incident Response Plan: outlines how DCS responds to, and recovers from suspected, potential, or actual data incidents, including privacy breaches.   
• DCS Risk Management Policy: sets out the principles and requirements of our risk management approach for all risk categories, including privacy. 
• Information Data Governance Framework: applies across all DCS divisions and its agencies to enable the effective management and application of information and data. This framework formally establishes an organisation’s approach to Information Governance. 
• Information Security Policy: the purpose is to document the expected security behaviours and practices that DCS requires its employees and approved users to comply with.  
• Procurement manual for DCS: sets out the policy and operating framework for procurement within DCS. 
• DCS Code of Ethics and Conduct: outlines the responsibilities of our employees in protecting personal information in the course of their duties. All employees are provided with a copy of the Code and are regularly reminded of their obligations.