The NSW Data Cloud privacy policy and collection notice

This Privacy policy covers personal information collected on the NSW Data Cloud, how it is secured and kept safe, and what we do with the information we collect.


About this Policy 
 

The NSW Data Cloud is a whole of government platform, hosted and managed by the NSW Data Analytics Centre (DAC) on behalf of the NSW Government. The DAC is a part of the NSW Department of Customer Service (DCS).

 

The NSW Data Cloud enables NSW Government agencies to safely and efficiently share data with each other, with government agencies in other jurisdictions, and with research and community organisations as appropriate. 


This Privacy Policy applies specifically to the handling of personal information by the NSW Data Analytics Centre within the Department of Customer Service (referred to together as ‘we’, ‘us’ ‘our’) in connection with the NSW Data Cloud. It outlines the kinds of personal information we collect, why we collect it, and how we handle it for the purposes of providing NSW Data Cloud services.

 

In the Privacy policy: 
 

  • personal information is defined in Section 4 of the NSW Personal Information and Privacy and Personal Information Protection Act 1998 (PPIP Act) as “Information or an opinion (including information or an opinion forming part of a database and whether or not in a recorded form) about an individual whose identity is apparent or can be reasonably be ascertained from the information or opinion”. It may include information about you such as your name and contact information.
  • sensitive information is a subset of personal information. It includes information such as your personal information relating to an individual’s ethnic or racial origin, political opinions, religious or philosophical beliefs, trade union membership, sexual activities.
  • health information is defined in Health Records and Information Privacy Act 2002 (HRIP Act) as personal information that is information or an opinion about:
    • the physical or mental health or a disability (at any time) of an individual, or
    • an individual’s express wishes about the future provision of health services to him or her, or a health service provided, or to be provided, to an individual, or
    • other personal information collected to provide, or in providing, a health service, or
    • other personal information about an individual collected in connection with the donation, or intended donation, of an individual’s body parts, organs or body substances, or
    • other personal information that is genetic information about an individual arising from a health service provided to the individual in a form that is or could be predictive of the health (at any time) of the individual or of a genetic relative of the individual, or
    • healthcare identifiers.

 

You should read the Privacy policy and collection notice if you are:

  • using the NSW Data Cloud to make, contribute to or assess data requests
  • using the NSW Data Cloud to make, contribute to and/or manage data sharing agreements
  • if you are an individual person named in a data sharing agreement. 
     

How we collect personal information 
We collect personal information (including some sensitive information) in different ways including:

  • from the NSW Data Cloud online portal (such as when you make an application or register to use the NSW Data Cloud)
  • through online forms and documents that have been provided to us
  • through correspondence with you (e.g. emails or phone calls)
  • from an organisation that you work for.

 

What personal information we collect

We may collect different kinds of information about you. This can include:

  • personal information about you such as your name, position title and email address
  • further specific personal information about you if you are accessing sensitive data (such as your national police check, and children check number). 

When you access and use the NSW Data Cloud the website server logs the following information:

  • the type of browser and operating system you are using
  • the address of the referring site (for example, the Google search page)
  • your IP address (a number which is unique to the modem, router or gateway that connects you to the internet)
  • the date, time and address of each page you visit
  • how long you visited each page
  • the date, time and address of each data product and other content you upload to or download from the NSW Data Cloud.

 

Why we collect information and how we use it 
We collect and use personal and health information in accordance with the PPIP Act, HRIP Act, Information Privacy Principles (IPPs) and the Health Privacy Principles (HPPs). The purpose of this is to facilitate your access to the NSW Data Cloud and to administer the NSW Data Cloud platform with IT support provided by the DAC. This includes:

  • Providing access to the NSW Data Cloud: We collect and use personal information to onboard users to the NSW Data Cloud and manage access so you can use the services of the NSW Data Cloud
  • Processing registrations to become a user: We collect and use personal information as part of the registration process to:
    • obtain and verify information provided in your registration form; and
    • communicate with you.
  • Managing data requests and data sharing agreements: We collect and use personal information to help government agencies manage data sharing requests and data sharing agreements so they can communicate with you about your data sharing request. We will also collect information to identify individuals who will have access to the data you have requested.
  • Maintaining registers: We will use personal information to maintain the user profiles and data sharing registers and dashboards.
  • Operating the NSW Data Cloud: We use information collected by the NSW Data Cloud to ensure that the NSW Data Cloud is operating effectively and efficiently and to respond to enquiries you may make to us about the NSW Data Cloud.
  • Manage and respond to requests for information or support (including requests made under the Government Information (Public Access) Act 2009 (GIPA Act))
  • Conduct statistical reporting and research, including to de-identify personal information so that any statistical reporting or research outcomes do not identify you or any other individuals
  • Undertake statistical analysis and system administration using information collected from our website. No attempt is made to identify users or their browsing activities, except where a law enforcement agency or the Commissioner is undertaking an investigation and has legal authority to identify users and/or their browsing activities.
  • Seek legal advice if required.

 

We may engage contractors to assist us undertake any of the above functions and activities. We ensure that all contractors are subject to the same legal requirements as our staff, including strict confidentiality, privacy and security obligations.

 

Who we disclose your information to 
We may need to disclose your personal information to others. We will protect your information by taking steps to ensure that any disclosure is done in accordance with the PPIP Act.

 

Disclosure of information overseas 
We will not disclose information outside Australia for any other reason, unless authorised by law.

How we store personal information 
We take reasonable steps to protect your personal information against misuse, interference and loss, and from unauthorised access, modification or disclosure. These include: 
 

  • any documents you provide us are stored securely and in accordance with NSW Government security guidelines
  • personal information you provide to us is only accessed by personnel on a ‘need-to-know’ basis and by authorised personnel
  • we monitor access to our digital systems with access only permitted with authenticated credentials
  • we ensure our buildings are secure
  • we regularly update and audit our data storage and data security requirements
  • access to your information from overseas is prohibited, as is storage of your information overseas. All electronic data is stored in a Microsoft Azure DCS approved data center. 
  • we ensure that we destroy or archive personal information we hold when it is no longer required, in accordance with the State Records Act 1998 No 17.

 

Are you required by law to provide us with this information?


Providing us with the requested information is not required by law. However, if you choose not to provide us with the requested information, we may not be able to provide or support your access to the NSW Data Cloud.

 

How to access and correct your personal information


Accessing your personal information


You have the right to ask for access to the personal information that we hold about you. You can do this using our contact details below.


If you ask us for access to the information we must give you access, unless there is a law that restricts us from giving you access.


If we refuse to give you access to your personal information, we will let you know in writing and will provide reasons for our refusal.


Updating your personal information


Under the PPIPA Act, you have a legal right to access and update your personal information. You can do this by emailing [email protected]. If you have a personal profile on the NSW Data Cloud, you may update the personal information present in that profile.


If you ask us to correct your personal information, we will take reasonable steps to correct your information if we consider that it is incorrect.


If we refuse to correct your personal information, we will let you know in writing and will provide reasons for our refusal.

 

How to make a complaint


How to complain to us


If you think we may have breached your privacy rights, you may contact us using the contact details set out below.


We will respond to your complaint promptly if you provide your contact details. You do not need to provide your name, or can use a pseudonym, but we may not be able to fully investigate and resolve your complaint if you do not provide all relevant details.


We are committed to quick and fair resolution of any complaints and will ensure your complaint is taken seriously. You will not be victimised or suffer negative treatment by us if you make a complaint.

How to complain to the Department of Customer Service (DCS)

If you believe your privacy has been breached through actions by DCS, you can apply for an internal review of the conduct that led to the breach. Please see information about making a complaint on the Information and Privacy Commission (IPC) website.

If you decide to lodge a request for a privacy internal review, please complete the IPC’s generic form and lodge it with DCS’s Privacy Officer:

Email: [email protected]

Phone: 13 77 88

Mail: Level 14, McKell Building, 2-24 Rawson Pl, Sydney NSW 2000

 

How to contact us


If you wish to ask questions about this Privacy policy, or how your personal information is collected, held, used or disclosed please contact us.


Please also contact us if you wish to obtain access to or seek correction of your personal information or make a complaint about a breach of your privacy.


Please contact the DCS Privacy Team, using the following contact details:

Email: [email protected]

Mail: DCS Privacy, Level 14, McKell Building, 2-24 Rawson Pl, Sydney NSW 2000

Phone: 13 77 88

 

Availability of this Privacy policy


If you wish to access this Privacy policy in an alternative format (e.g. hard copy) please contact us using the contact details above. This Privacy policy is available free of charge.

 

 

Back