Protecting privacy on nsw.gov.au: the role of public servants

Public servants working on nsw.gov.au must protect the digital privacy of NSW citizens and customers. They expect transparency and security when sharing their personal information.

From creating webforms to the way we manage data, we are responsible for handling personal and health information with care.  

This blog explains the responsibilities of public servants and the tools available to fulfill them. Together, they maintain minimum privacy standards across nsw.gov.au. 

Why privacy matters

The NSW Government is committed to building trust with the people we serve. Every time someone uses a webform or shares details with nsw.gov.au, they trust us with their personal information. Mishandling that information puts people at risk and can damage public confidence in our digital services.

From content editors to webform creators and agency leads, we must all protect citizens’ privacy.

Public servants: What you need to know

We have developed several resources and processes on nsw.gov.au to guide you in your privacy responsibilities. These include:

• Privacy Impact Assessments (PIAs) help identify and reduce privacy risks early on. The nsw.gov.au Content Management System (CMS) includes a prompt to request a PIA whenever a new or modified webform is created. The prompt also includes a field to add a link to the completed PIA document. This ensures privacy is considered from the start and not as an afterthought.
• Privacy Collection Notices (PCNs) are legally required if personal or health information is collected through a webform. Updated PCN templates make it easier to create compliant, clear notices. These templates use standardised language and once the ‘Purpose of collection’ field is completed, the related sections in the form are automatically filled. Custom PCNs are still supported, but we recommend reviewing your current PCNs to ensure clarity and accuracy.
• The updated nsw.gov.au Privacy Statement now includes guidance on the consequences of clicking on external links. Users navigating to external sites are no longer protected by our privacy rules. It is our responsibility to inform users of this. This change enhances transparency and supports customers in making informed choices about their data. 

Public servants: What you can do

Here are simple actions you can take to help protect privacy:

• Identify your agency’s Privacy Officer before migration. Work with them to review how personal information is currently collected, stored, and transferred to ensure compliance with NSW privacy and security standards.
• Use the CMS prompt to request a PIA during planning or updates from the start. This reduces privacy risks and improves transparency.
• Use the updated PCN templates. Make sure your ‘Purpose of collection’ field is completed, as it informs the content of your PCN.
• Be mindful of external links. We need to label external links to help inform users that NSW Government privacy protections no longer apply once they click through to another website.
• Know how to report a breach. Agencies must notify the Privacy Commissioner and individuals of eligible data breaches. Learn how to manage and report breaches by reviewing the Mandatory Notification of Data Breach Scheme. 

Supporting you to succeed

We understand that privacy requirements can feel complex, especially across large digital projects.  

If you need help, you can:

• refer to the Department of Customer Service Privacy Management Plan
• read the privacy guidance for nsw.gov.au and use in-CMS tools for PIAs and PCNs
• raise a support ticket through the Help Hub for personalised privacy advice.

Together, we can make nsw.gov.au a trusted and secure place for everyone. Public trust starts with public servants.