Newsflash:

We’re open every day except Good Friday, 29 March. View our Easter opening hours here ›

Privacy complaint

How it works

If you believe the State Library has handled your personal information contrary to the privacy principles, you can make a privacy complaint.

For a complaint about how the State Library has handled your personal information, you should make the complaint direct to us to start with.

If your complaint is about a different kind of privacy issue – such as physical privacy – you should complain directly to the NSW Privacy Commissioner.

What is personal information?

“Personal information” is any information or an opinion about you that either includes your name or has enough other information that you can be identified anyway.

“Personal information” can include for example your name, address or gender, or information about your health, finances or employment. It can also include physical information about you, like your fingerprints, body samples or DNA.

What is not personal information?

There are some kinds of information that are not personal information, e.g. information about someone who has been dead for more than 30 years, information about someone that is contained in a publicly available publication,  information about an individual that is contained in a document kept in a library, art gallery or museum for the purposes of reference, study or exhibition, or information or an opinion about a person’s suitability for employment as a public sector official.

How do I make my complaint?

We encourage people to try to resolve privacy issues with us informally before going through the review process. We recommend that individuals contact the State Library’s Privacy Contact Officer to discuss the issue before lodging an internal review.

The Privacy Contact Officer:

  • responds to enquiries about how we manage personal and health information
  • responds to requests for access to and amendment of personal or health information
  • provides guidance on broad privacy issues and compliance
  • conducts internal reviews about possible breaches of the PPIP Act and HRIP Act (unless the subject of the review is the conduct of the Privacy Contact Officer).

If you’re not satisfied with that process, you can make a formal complaint. This is known as an application for “internal review”.

What is an internal review?

People have the right to seek an internal review under the Privacy and Personal Information Protection Act 1998 (PPIP Act) if they think we have breached the PPIP Act or the Health Records and Information Privacy Act 2002 (HRIP Act) relating to their own personal or health information. People cannot seek an internal review for a breach of someone else’s privacy, unless they are an authorised representative of the other person.

Under section 53(3) of the PPIP Act an application for an internal review must:

  • be in writing, and
  • be addressed to the State Library of NSW, and 
  • specify an address in Australia to which a notice of the outcome of the review may be sent, and
  • be lodged at the State Library of NSW within six months from the time the applicant first became aware of the conduct they want reviewed. We may also consider a late application for review.

If the complaint is about an alleged breach of the Information Protection Principles and/or Health Privacy Principles, the internal review will be conducted by an officer who:

  • was not involved in the conduct which is the subject of the complaint, and
  • is an employee or an officer of the agency, and
  • is qualified to deal with the subject matter of the complaint.

Do I need  to use an application form?

An application for internal review must be made in writing, and within 6 months of you first becoming aware of the conduct you are complaining about. There is no fee involved.

We suggest you use the State Library’s PDF icon Privacy complaint – request for internal review form, but it is not compulsory.

It helps us to investigate your complaint if you can be as specific as possible about the nature of your complaint.

What is the internal review process?

In most instances the Privacy Contact Officer will conduct the internal review unless, for example, the internal review is about the conduct of the Privacy Contact Officer. The procedure ‘PDF icon Complaints about a breach of privacy’ describes the complete review procedure.

The State Library aims to:

  • acknowledge receipt of an internal review within 5 working days
  • send a letter to the NSW Privacy Commissioner with details of the application. A photocopy of the written complaint will be provided to the NSW Privacy Commissioner
  • complete an internal review within 60 calendar days.

The Privacy Contact Officer will inform the applicant of the progress of the internal review, particularly if it is to take longer than first expected.

The Privacy Contact Officer will respond to the applicant in writing within 14 calendar days of deciding the internal review as required under section 58(8) of the PPIP Act.

The response will include:

  • the findings of the review (and the reasons for those findings), and
  • the action we propose to take (and the reasons for taking that action), and
  • the applicants entitlements to have the findings, and our proposed action, reviewed by the NSW Civil and Administrative Tribunal.

We will also send a copy of our response to the NSW Privacy Commissioner.

Statistical information about the number of internal reviews conducted will be included in the Annual Report of the Library Council of New South Wales as required under the Annual Reports (Statutory Bodies) Act 1984 (NSW).

What is the NSW Privacy Commisioner's role in internal reviews?

The State Library is required to notify the NSW Privacy Commissioner when an internal review request is received and of the proposed outcome. The NSW Privacy Commissioner is entitled to make submissions to the State Library outlining his/her view on the matter.

A person can also make a complaint direct to the NSW Privacy Commissioner if they think the State Library has breached the PPIP Act or HRIP Act relating to their own personal or health information.

What if I'm still not satisfied?

A person can seek an external review if they are unhappy with the outcome of an internal review we have conducted or do not receive an outcome within 60 days.

To seek an external review a person must apply to the NSW Civil and Administrative Tribunal (NCAT). Generally a person has 28 days from the date of an internal review decision to seek an external review. A person must seek an internal review before they have the right to seek an external review.

The NCAT has the power to make binding decisions on an external review.

What if my privacy complaint is not eligible for an internal review?

Your complaint will still be considered. The Library’s normal complaint handling procedures will apply.

More information

View the State Library's PDF icon Privacy complaint – request for internal review

View the Factsheet page

View the External resources page

Contact the State Library's Privacy Contact Officer

For more information on how to lodge a privacy case in the NSW Civil and Administrative Tribunal, view their website or contact the Tribunal on (02) 9377 5711.

For more information about the role of the Privacy Commissioner, view their website or contact the NSW Information and Privacy Commission on 1800 472 679.