Your privacy

This page is to help you understand how the NSW privacy legislation protects our customers' personal and health information and how icare meets its obligations in respect of this information.

Information Protection Principles and Health Privacy Principles, regulate the way in which icare collect, use, store and disclose personal and health information. These standards are set out in the Privacy and Personal Information Protection Act 1998 (PPIP Act) and the Health Records and Information Privacy Act 2002 (HRIP Act).

What personal and health information we collect

icare collects the personal and health information we need to provide you with our services, such as your name, address, date of birth, contact details, payment information. Information collected in response to workplace incidents, motor accidents, details of dust related disease eg. the nature of an injury, information to assist with return to work following a workplace incident eg. work capacity and return to work plans or builder’s risk assessment for residential building projects and homeowner’s claim. A more comprehensive list of information we collect is available in our Privacy Management Plan (under review).

How we use your information

We use the personal and health information we hold to manage your claim or policy with icare, including:

  • engaging with medical professionals and other treatment, rehabilitation and care providers regarding your claim;
  • liaising with employers of injured workers;
  • engaging with external service providers such as building consultants;
  • processing and issuing policies;
  • evaluating our programs and services;
  • undertaking research and planning new services;
  • responding to and handling enquiries and complaints and disputes; and
  • otherwise as provided in consents by you in the course of your claim.

Disclosure of personal and health information

We may need to provide your personal and health information to organisations outside icare, for example:

  • our agents, contractors or building consultants performing work on icare’s behalf;
  • medical professionals and other treatment, rehabilitation and care providers involved in supporting you;
  • regulators such as the State Insurance Regulatory Authority (SIRA) and NSW Fair Trading;
  • research organisations; and
  • in exceptional circumstances, icare may also need to provide your information to other bodies, for example, to the police if the information is needed for law enforcement purposes.

We only disclose personal and health information:

  • for a purpose directly related to the reason we collected it, and where icare has no reason to believe the individual would object;
  • in some cases we can share your information with other state, territory and Commonwealth government departments, and other organisations that provide services without your consent. Download the Privacy management plan (under review) for more details;
  • where the individual concerned has been put on notice that information is usually disclosed in this way; or
  • if it is necessary to do so to prevent or lessen a serious and imminent threat to someone’s life or health.

Storage of your information

We keep personal and health information on controlled systems, protected by security safeguards such as building and equipment security, which are used in conjunction with digital technology, such as data encryption and firewalls, to minimise against unauthorised use, access or disclosure and we keep it no longer than necessary, dispose of information appropriately in accordance with the NSW State Records Act 1998. Records are only accessed when there is a legitimate purpose for doing so.

Access and accuracy of your information

We are committed to ensuring that the information we hold is accurate, complete and up to date, so we encourage you to advise us if the information you have given us has changed.

You can ask us to provide you with details of the personal and health information that we hold about you. The process for requesting this information is identified in our Privacy Management Plan. Alternatively, you can make a request to us in writing at privacy@icare.nsw.gov.au using the following forms:

If you find that the personal and health information we hold about you is inaccurate, please contact us at privacy@icare.nsw.gov.au so that we can correct the information. If we refuse to amend the information, we will give you reasons for that decision as to why we disagree that the information is inaccurate, or otherwise where authorised by law.

Privacy complaints

If you are unhappy with the way icare has dealt with your personal information, you can make a complaint directly to us at privacy@icare.nsw.gov.au

Complaints to us should be in writing, addressed to the Privacy Officer, icare, specifying a return address within Australia, and be lodged with icare within 6 months of the time when you first became aware of the conduct you are complaining about.

Further information about our handling of complaints is available in our Privacy Management Plan. If you are not satisfied with the outcome of your complaint you can then ask for an internal review, using the form provided below.

Application for internal review

You can apply to the NSW Civil and Administrative Tribunal for a further review of the conduct. The Tribunal has the power to make any orders that it thinks necessary, including the power to award damages.

Privacy complaints can also be directed to the NSW Privacy Commissioner at the Information and Privacy Commission.

Further information

To find out more about what other personal and health information icare holds and how we manage it please refer to our Privacy Management Plan (under review), icare privacy policy. or contact us at privacy@icare.nsw.gov.au.

If you wish to access, amend or request an internal review is conducted by icare please view the applicable forms: