Promoting the plan
Executive and governance
The senior executive team is committed to transparency about how NESA complies with the Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act) and the Health Records and Information Privacy Act 2002 (NSW) (HRIP Act) and reinforces compliance by:
- endorsing the plan and making it publicly available
- ensuring the plan is reviewed and updated at least annually
- reporting on privacy issues in the NESA Annual Report in line with the Annual Reports (Statutory Bodies) Act 1984 (NSW)
- confirming support for privacy compliance in the strategic plan and code of conduct
- promoting ongoing training and awareness raising for staff in privacy protection principles
- ensuring the application of IPPs and HPPs to data sharing requests and data analytics projects
- encouraging staff to seek advice from the Access and Privacy Officer when implementing new systems, or when existing tools for collecting personal information are updated, to ensure identification of privacy issues and compliance with privacy law.
NESA staff
NESA makes sure that staff are aware of and understand this plan, particularly how it applies to the work they do. This plan has been written so that staff can understand their privacy obligations, how to manage personal and health information in their work and what to do if unsure.
NESA makes staff aware of their privacy obligations by:
- publishing the plan on NESA's website
- including the plan in induction training and offering refresher training as required
- encouraging them to seek specialist advice from the Access and Privacy Officer on the interpretation and practical implementation of the privacy legislation
- highlighting the plan at least once a year, for example during Privacy Awareness Week.
When staff have questions about how to manage personal and health information and this plan does not directly answer them, they should consult their manager or the Access and Privacy Officer.
Contractors
NESA may use the services of contractors to provide services to or for the NESA office. If they will have or are likely to have access to personal information, NESA advises them of their obligation to manage personal and health information in line with the 12 Information Protection Principles (IPPs) from the PPIP Act and 15 Health Privacy Principles (HPPs) from the HRIP Act and NESA’s information security policies.
Public awareness
This plan is a guarantee of service to NESA's stakeholders of how NESA manages personal and health information. Because it is central to how NESA does business, NESA will make this plan easy to access and easy to understand for people from all kinds of backgrounds. NESA is required to make this plan publicly available as open access information under the GIPA Act.