New South Wales Consolidated Acts

PRIVACY AND PERSONAL INFORMATION PROTECTION ACT 1998 - SECT 33

33 Preparation and implementation of privacy management plans

(1) Each public sector agency must have and implement a privacy management plan.

(2) The privacy management plan of a public sector agency must include provisions relating to the following--

(a) the devising of policies and practices to ensure compliance by the agency with the requirements of this Act or the Health Records and Information Privacy Act 2002 , if applicable,

(b) the dissemination of those policies and practices to persons within the agency,

(c) the procedures that the agency proposes to provide in relation to internal review under Part 5,

(c1) the procedures and practices used by the agency to ensure compliance with the obligations and responsibilities set out in Part 6A for the mandatory notification of data breach scheme,

(d) such other matters as are considered relevant by the agency in relation to privacy and the protection of personal information held by the agency.

(4) An agency may amend its privacy management plan from time to time.

(5) An agency must provide a copy of its privacy management plan to the Privacy Commissioner as soon as practicable after it is prepared and whenever the plan is amended.

(6) The regulations may make provision for or with respect to privacy management plans, including exempting certain public sector agencies (or classes of agencies) from the requirements of this section.