Listen

Chapters

  1. About Privacy Management Plan
  2. Types of personal and health information held by Revenue NSW
  3. Revenue NSW legislation and policy
  4. Information Protection Principles and Health Privacy Principles
  5. Exemptions from privacy legislation
  6. Notification of data breaches
  7. Privacy internal reviews and complaints
  8. Appendices

3. Revenue NSW legislation and policy

This plan sets out how policies and practices are developed to ensure compliance by Revenue NSW with the requirements of privacy legislation. Revenue NSW policies and practices are developed by:

  • examining changes in the legislative, policy or operational environment for their impacts on our privacy management
  • conducting regular reviews of privacy policies
  • considering the privacy implications of changes to policies and systems on any processes
  • consulting with the applicable parties to ensure compliance with the PPIP Act and HRIP Act where new privacy management policies or procedures or amendments would change how personal and health information is managed.

Revenue NSW is part of the Department of Customer Service (DCS) and must comply with relevant policies written by the DCS.

The Taxation Administration Act 1996 (TAA) is administered by Revenue NSW and empowers the Chief Commissioner of State Revenue to:

  • assess tax liabilities on information obtained from any source (section 11(1) of Part 3);
  • require information, instruments and records (section 72 of Part 9 Division 2); and inspect public records (section 73 of Part 9 Division 2).

Personal information is protected by PPIPA and HRIPA and by tax legislation containing secrecy provisions. These provisions make any unauthorised disclosure of information obtained in connection with the administration of that legislation an offence. Division 3 of Part 9 of the TAA prohibits the disclosure of personal information obtained under, or in relation to, the administration of a tax law, except in the circumstances and to the third parties named in that division.

Other legislation governs Revenue NSW’s non-taxation functions including Fines, State Debt, the First Homeowner Grant Scheme and Unclaimed Money.

Section 117C of the Fines Act 1996 has been repealed by the Privacy and Personal Information Protection Amendment Act 2022 No 74.  Mandatory data breach reporting requirements are now described in Part 6A of the PPIP Act.

Revenue NSW engages with key stakeholders when developing new privacy management policies or procedures or amending them in a way that would change how personal and health information is managed, to ensure compliance with the PPIP Act and HRIP Act.

Separate to this PMP, DCS has a Data Breach Policy that sets out the procedures for managing a data breach for all agencies and business units within DCS.

Revenue NSW applies the following policy and framework to ensure compliance with our privacy obligations: