Privacy and Personal Information Protection Act 1998 No 133
29 Operation of privacy codes of practice
(1) Privacy codes of practice may be made for the purpose of protecting the privacy of individuals.(2) A privacy code of practice may regulate the collection, use and disclosure of, and the procedures for dealing with, personal information held by public sector agencies.(3) In particular, a privacy code of practice may provide for the protection of personal information contained in a record that is more than 30 years old, and any such provision has effect despite the provisions of any other Act that deals with the disclosure of, or access to, personal information of that kind. Any such code must, to the extent that it relates to personal information contained in a State record that is more than 30 years old, be consistent with any relevant guidelines issued under section 52 of the State Records Act 1998.(4) A privacy code of practice may also provide for the disclosure of personal information to persons or bodies outside New South Wales.(5) A privacy code of practice can apply to any one or more of the following:(a) any specified class of personal information,(b) any specified public sector agency or class of public sector agency,(c) any specified activity or specified class of activity.(6) Except in the case of a privacy code of practice that is referred to in subsection (3), a code cannot affect the operation of any exemption provided under Division 3 of Part 2.(7) A code:(a) must provide standards of privacy protection that operate to protect public sector agencies from any restrictions in relation to the importation of personal information into New South Wales, and(b) must not impose on any public sector agency any requirements that are more stringent (or of a higher standard) than the information protection principles.