No longer on display. Expired on
10 May 2023, 05:00 PM
Council has prepared a new draft Privacy Management Plan, based on NSW Information and Privacy Commission (IPC) guidelines and informed by the Privacy Management Plans of other NSW councils and guidance provided by other jurisdictions.
The Privacy and Personal Information Protection Act 1998 (PPIP Act) outlines the obligations all NSW government agencies (including councils) have to protect the personal information they collect about individuals. The PPIP Act requires agencies to prepare and implement a Privacy Management Plan. Council’s current Privacy Management Plan was adopted by Council in February 2013 and requires review.
A Privacy Management Plan should comply with section 33 of the PPIP Act and contain provisions relating to:
- the agency’s policies and practices for complying with the PPIP Act and the HRIP Act;
- how the agency will make its staff aware of these policies and practices;
- the agency’s procedures for dealing with privacy internal reviews under Part 5 of the PPIP Act;
- other relevant matters relating to the protection of the personal and health information that the agency holds.
In the interests of building better practices and culture within Council, the draft plan includes additional information and strategies relating to:
- Privacy by design - recommendations that staff consider whether a privacy impact assessment should be undertaken when implementing new software or commencing other projects that involve the collection and use of personal information.
- Privacy notices - statements in paper and online forms notifying people about why their information is being collected, how it will be used and their rights under privacy laws.
- Securing and labelling records containing personal or health information.
- Cyber-security and Council’s approach to data breaches.
Council at its meeting on 21 March 2023 considered a report on the matter and resolved:
That Council:
A. exhibit the draft Privacy Management Plan for a period of 28 days. If any submissions are received, that the matter be reported back to Council after the consultation period. If no submissions are received, that Council adopt the draft Plan as attached to this report.
B. send a copy of the adopted Privacy Management Plan to the NSW Privacy Commissioner.
View the report considered by Council together with the draft Policy.
Exhibition document
Draft Privacy Management Plan(PDF, 490KB)
Providing feedback
Comments must be in writing and quote reference number S14108.
Email krg@krg.nsw.gov.au
or post: Manager, Governance and Corporate Strategy, Ku-ring-gai Council, Locked Bag 1006 Gordon NSW 2072.
Submissions close 5pm, 10 May 2023.