SIRA and the NSW Privacy Law
Binding privacy standards for the NSW public sector, known as Information Protection Principles and Health Privacy Principles, regulate the way public sector agencies collect, use, store and disclose personal and health information.
Information Protection Principles and Health Protection Principles
What personal and health information we collect
SIRA collects the personal and health information we need to provide you with our services, such as your name, date of birth, contact details, payment information and compensation claim information collected in order to regulate workers compensation insurance, motor accidents compulsory third party (CTP) insurance and home building compensation in NSW eg. details of accidents and injuries, nature of injuries and medical reports. A more comprehensive list of information we collect is available in our Privacy Management Plan.
We limit the information we collect to only what we need to provide our services.
How we collect your personal and health information
SIRA usually collects personal and health information directly from you or someone you authorise to act on your behalf, usually via phone, email, application form or social media.
We may also collect information about you indirectly, including from:
- our agents or contractors
- third parties such as SafeWork NSW, and
- others, in the event of an emergency
If we collect your health information from someone other than you, we will take any steps reasonable in the circumstances to let you know.
When we collect your personal and health information, or when we tell you we’ve collected your health information from someone else, we’ll let you know:
- that we’re collecting it/have collected it
- whether the provision of the information is mandatory or voluntary
- what it will be used for
- who it will be provided to, and
- your rights to access and correct the information
Why we collect your personal and health information
SIRA may need to collect your personal and health information to:
- investigate complaints and fraud allegations
- monitor insurer performance
- investigate and prosecute under-insurance and non-insurance
- administer self and specialised insurer licenses
- facilitate early notification of claims to CTP insurers
- administer the Nominal Defendant Scheme
- conduct the workers compensation Merit Review Service, CTP Medical Assessment Service and CTP Claims Assessment Resolution Service,
- respond to requests for access to information we hold,
- monitor the operation of and conduct research projects related to the workers compensation and CTP schemes and home building compensation fund, and
- for business planning and service improvements.
We keep your personal and health information on controlled systems, which are secured against unauthorised access. We keep personal and health information no longer than necessary, protected by reasonable security safeguards from unauthorised use or disclosure, and dispose of it appropriately.
Access and accuracy
You can ask us to provide you with details of the personal and health information about you that we hold. The process for requesting this information is identified in our Privacy Management Plan. Alternatively, you can make a request to us in writing at email@example.com.
If you find that the personal and health information we hold about you is inaccurate, please contact us on firstname.lastname@example.org so that we can correct the information. If we refuse to amend the information, we will give you reasons for that decision eg because we disagree that the information is inaccurate, or otherwise where authorised by law.
We use the personal and health information we hold to:
- administer the workers compensation and Compulsory Third Party (CTP) legislative and regulatory frameworks
- regulate the NSW workers compensation system including the Nominal Insurer and the workers compensation arrangements of NSW state government agencies, specialised insurers and self-insurers
- regulate the CTP scheme
- provide an advisory service to assist claimants in connection with claims assessment procedures under the workers compensation and motor accidents schemes, and
- contribute to the protection of consumers within the NSW residential building industry by making market practice and claims handling guidelines under the Home Building Act 1989, and approving premium methodologies relating to the provision of insurance under the Home Building Compensation Fund.
We also ensure the personal and health information is relevant, accurate, up to date, complete and not misleading before using it. Further information about how we use the personal and health information we hold is available in our Privacy Management Plan.
We may need to provide your personal and health information to organisations outside SIRA, for example:
- our agents or contractors
- medical oversight bodies and allied health practitioners
- third parties such as SafeWork NSW, and
- others in the event of an emergency
We ensure that these organisations take the security of your personal and health information as seriously as we do.
We only disclose personal and health information:
- for a purpose directly related to the reason we collected it, and where SIRA has no reason to believe the individual would object;
- where the individual concerned has been put on notice that information is usually disclosed in this way; or
- if it is necessary to do so to prevent or lessen a serious and imminent threat to someone’s life or health
We will not disclose personal and health information about a person’s ethnic or racial origin, political opinions, religious or philosophical beliefs, trade union membership, health or sexual activities, unless such disclosure is necessary to prevent or lessen a serious or imminent threat to life or health.
Other important elements
What exemptions apply?
Generally, SIRA does not have to comply with certain Information Protection Principles and Health Privacy Principles where this would prevent SIRA from carrying out its proper functions, such as investigation of suspected offences under workers compensation law.
Privacy complaints about the conduct of SIRA
If you are unhappy with the way SIRA has dealt with your personal and health information, you can make a complaint – either directly to us or to the NSW Privacy Commissioner (see below).
Complaints to us should be in writing, addressed to SIRA, specify a return address within Australia, and be lodged with SIRA within 6 months of the time when you first became aware of the conduct you are complaining about.
Further information about our handling of complaints is available in our Privacy Management Plan. If you’re not satisfied with the outcome of our review, you can apply to the NSW Civil and Administrative Tribunal for a further review of the conduct. The Tribunal has the power to make any orders that it thinks necessary, including the power to award damages.
Privacy complaints about other persons or bodies
Privacy complaints can also be directed to the NSW Privacy Commissioner, (www.ipc.nsw.gov.au). The Commissioner does not have power to make orders or to award compensation but will conciliate complaints by assisting parties to reach a decision that all are happy with.
- Privacy Management Plan
- Privacy and Personal Information Protection Act 1998
- Health Records and Information Privacy Act 2002
Phone: 13 10 50
Mail: SIRA, Locked Bag 2906 Lisarow NSW 2252