Law: Privacy and Personal Information Protection Act 1998 No. 133 (the Act). Please note that the Act only applies to public bodies. Private organisations are subject to the federal Privacy Act 1988.

Regulator: Information and Privacy Commission (IPC)

Summary: There is no separate, territorial level private sector data protection law in New South Wales. Alongside the Act, which regulates the use of personal information by public bodies, the Health Records and Information Privacy Act 2002 (the HRIP) sets out data protection requirements for health information and outlines data subject rights in relation to health data including right to rectification and access. The IPC works to ensure compliance with both the Act and the HRIP. There have been suggestions from the IPC that the scope of the Act should be amended to include certain service providers working with public bodies, in a similar manner to legislation in Queensland. While such proposals have not been enacted, in the case of Evans v Health Administration Corporation NSWSC 1781, the Supreme Court of New South Wales delivered a judgment that included a Deed of Settlement following a class action lawsuit related to a breach of medical records.