How do I make a complaint?

How do I make a complaint if I think my privacy (non-health information) has been breached?

If you believe a NSW public sector agency or organisation has misused your personal information you can:

1. Lodge an application for an internal review with the organisation (within six months). This is an internal investigation to assess if the agency has complied with its privacy obligations. The agency has to advise and consult with the NSW Privacy Commissioner. The review should be done in 60 days (if practicable). There is no fee.

The agency may have a specific form for you to fill in. Check their website or contact the Privacy Contact Officer in the agency. If not, you can download a generic form here.

You will be informed in writing of the result of the agency’s review. The agency must inform the NSW Privacy Commissioner.

2. Complain to the NSW Privacy Commissioner. Your complaint can be in writing, or you can complain verbally. The Privacy Commissioner may require a verbal complaint to be put in writing.

What if I am not happy with the result of the internal review?

If you are unhappy with the result of the review (or it is not completed in 60 days) you have 28 days* to apply to the NSW Civil and Administrative Tribunal (NCAT) for a review of the conduct or decision complained about.

NCAT may order the agency to change its practices, apologise or take steps to remedy any damage. NCAT’s decision is enforceable and they may award compensation.

Is there a more appropriate office to handle my complaint?

If your complaint is not about a NSW public sector agency (including a local council or university), but is about a federal government agency or private sector business with a turnover of over $3 million, you can contact the Office of the Australian Information Commissioner.

If your privacy complaint doesn’t fall into any of these categories, you may be able to make a general complaint to the NSW Privacy Commissioner. If the complaint is accepted, the Privacy Commissioner is only able to conciliate these matters.

The Privacy Commissioner has the power to accept broad-based privacy complaints.

NOTE: Depending on the circumstances the IPC may not always be able to accept your complaint; however, we can provide guidance regarding other options.

Download our fact sheet: Guide to protecting your privacy in NSW

* Refer to Rule 24 of the Civil and Administrative Tribunal Rules 2014.

How do I make a complaint about my health information to the NSW Privacy Commissioner?

If your complaint is about your health information and it is against a NSW private health service provider or organisation holding health information above a certain size, then you can complain to the NSW Privacy Commissioner. (You can also complain to the Australian Privacy Commissioner.)

You should make the complaint in writing and include as many relevant details as possible. The NSW Privacy Commissioner will assess the complaint and decide whether to accept it.

In considering the complaint, the NSW Privacy Commissioner may resolve the issue by one of the following means:

  • Resolution
  • Conciliation
  • A report on the findings.

If the Privacy Commissioner provides a report on the findings, you then have the opportunity to have the matter decided by the NSW Civil and Administrative Tribunal (NCAT). There is a cost involved in going to NCAT and you may need to have legal representation. NCAT will deliver an enforceable decision and can award compensation.

How long will it take?

It may only take a few phone calls, or it could take several months. It is highly dependent on the circumstances of the complaint. We will keep you informed of progress.

Is there a more appropriate office to handle my complaint?

If we think we are not the best office to handle your complaint, we may refer you to a more appropriate office or pass the complaint on to the office on your behalf. There are a number of other government offices that deal with privacy complaints:

Office of the Australian Privacy Commissioner

Deals with complaints about private health service providers or organisations holding health information, large businesses, Federal government agencies, tax file numbers, consumer credit reporting and Commonwealth spent convictions. www.oaic.gov.au or 1300 363 992.

NSW Health Care Complaints Commission

Deals with complaints about confidentiality of medical records and conduct of health workers in NSW. Call 1800 043 159.

NSW Ombudsman

Deals with complaints about the conduct of most NSW public sector agencies, including Family and Community Services, and local governments. However, the NSW Ombudsman cannot investigate complaints about alleged privacy breaches. www.ombo.nsw.gov.au or 1800 451 524.

Telecommunications Industry Ombudsman

Deals with complaints about telephone carriers and service providers. http://www.tio.com.au/ or 1800 062 058.

Australian Direct Marketing Association

Can assist in removing names from mailing lists. https://www.adma.com.au/do-not-mail or 1800 252 389.

Page updated: January 2016