IDC Names Securiti a Worldwide Leader in Data Privacy


NSW Privacy and Personal Information Protection Act 1998 No 133

Operationalize PPIPA compliance with the most comprehensive PrivacyOps platform

Last Updated on November 7, 2023

Privacy Center
Fully Functional In Minutes

Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.


The Privacy and Personal Information Protection Act 1998 (No. 133) (PPIPA) is a privacy law in the state of New South Wales, Australia, that regulates the collection, use, and storage of personal information by government agencies.

The PPIPA sets out the legal framework for protecting personal information in New South Wales. It applies to state government agencies, statutory or declared authorities, the police service, and local councils. It provides individuals with certain rights in relation to the handling of their personal information, and it imposes obligations on organizations that handle personal information to protect the privacy of individuals.

PPIPA requires that organizations have a privacy policy, and must notify individuals about how their personal information will be used, and it provides individuals the right to access their personal information and to request corrections if it is inaccurate. It also limits the use and disclosure of personal information by organizations. If an individual believes that their rights have been breached under the PPIPA, they can make a complaint to the Privacy Commissioner.

The Solution

Securiti enables organizations to comply with the Privacy and Personal Information Protection Act of 1998 No. 133 through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

New South Wales PPIPA Compliance Solution

Securiti supports enterprises in their journey toward compliance with Privacy and Personal Information Protection Act of 1998 No. 133 through automation, enhanced data visibility, and identity linking.


Assess Readiness

PPIPA Sections: 8, 10, 11, 13, 20

With the help of Securiti’s multi-regulation, collaborative, readiness, and privacy impact assessment system, you can measure your organization's posture against the Privacy and Personal Information Protection Act of 1998 No. 133 through requirements, identify the gaps and address the risks.

PPIPA Readiness Assessment Automation
data access request

Secure Fulfillment of Data Access

PPIPA Sections: 10(e), 13(c)(ii), 14

Discover who is accessing private information, where they are located, what systems they use, and what laws apply to that data. Create policies for data access control automatically based on the kind, sensitivity, system, location, or legal requirements.

Automate the Processing of Data Accuracy and Rectification Requests

PPIPA Sections: 11(a), 15, 16

Seamlessly fulfill data rectification requests with the help of automated data subject verification workflows across all appearances of a subject’s personal data and ensure that data collection is complete and accurate.

data rectify request
Data Flow Mapping

Map Data Flows (Cross-Border Data Transfers)

PPIPA Section: 19(2)

Generate dynamic visual data maps to map personal data to its correct owners, easily monitor cross-border traffic and other key data patterns and exchanges, and maintain updated records of data processing activities. Ensure that an individual’s personal information isn’t disclosed to any person or body who is in a jurisdiction outside New South Wales except for in given circumstances.

Monitor and Track Consent

PPIPA Sections: 17(a), 19(2)(b), 19(2)(e), 27B(c)(i), 27D(1)(c), 27D(3)(a)

Securiti's Consent Management Platform enables organizations to obtain end-users' consent for data access, retrieval, and advertising purposes. Data controllers can allow data subjects to withdraw consent once granted or update their consent preferences via configurable consent preference centers.

Universal Consent Dashboard
PPIPA Data Breach Assessment

Automate Data Breach Assessment

PPIPA Sections: 59(E), 59(H)

Automate the incident response process by gathering incident details, identifying the scope, and optimizing notifications to users and regulatory bodies to comply with PPIPA.

Automate Data Breach Response Notifications

PPIPA Sections: 59(D), 59(M), 59(N), 59(O), 59(P)

Automate compliance actions and breach notifications to concerned stakeholders concerning security and data breach incidents by leveraging a knowledge database on security and data breach incident diagnosis and response. Issue timely notification of eligible data breaches to the regulatory authority, and individuals, the information that is to be provided to the individuals, and circumstances when notification is to be made to the public.

breach response notification
vendor risk managements

Manage Vendor Risk

PPIPA Section: 19(2)(d)

Track, manage, and monitor vendors' privacy and security readiness from a single interface. Collaborate instantly, automate data requests and deletions, and manage all vendor contracts and compliance documents.

Privacy Policy and Notice Management

PPIPA Sections: 10, 33

Automatically update and refresh your privacy policies and notices. Build and publish a privacy notice with pre-built templates.

Privacy Policy Management
Data Security Controls

Assess Data Protection Measures and Enable Appropriate Security Controls

PPIPA: Section 12

Automate security, privacy, and governance functions with an intuitive workflow orchestration engine. Leverage built-in integrations and customizable triggers to streamline operations, introduce appropriate security controls, reduce costs, and improve accuracy.

Data Subject Rights Under Privacy and Personal Information Protection Act 1998 No. 133

PPIPA gives individuals the right to control how their personal information is collected, used, and disclosed. The Act outlines several key rights that individuals have under the law, including:

The right to access personal information

Individuals have the right to access any personal information that is held about them by organizations.

The right to request rectification

Individuals have the right to request that an organization correct any personal information that is inaccurate or out-of-date.

Facts about Privacy and Personal Information Protection Act 1998 No. 133


On 16 November 2022, the NSW Parliament passed the Privacy and Personal Information Protection Amendment Bill 2022 (the Bill) that introduced a mandatory notification of data breach scheme (MNDB scheme). MNDB scheme provides a 12-month grace period for the organizations to comply.


PPIPA regulates the collection, use, and storage of personal information by government agencies and private organizations.


It applies to all personal information, regardless of how it is collected or stored. Law enforcement agencies and other public authorities are exempt from complying with the collection and usage principle if it interferes with law enforcement function, judicial proceedings, and the protection of public revenue.


It does not apply to health records and does not apply to private information gathered by non-government (private) agencies.


It allows individuals to complain to the Privacy Commissioner if they believe their rights under the PPIPA have been breached. The complaint must be made within 6 months from the time the complainant first became aware of the violation or breach.


PPIPA also imposes a maximum penalty of 100 penalty units or imprisonment for 2 years or both. As per Crimes Act 1914, one penalty unit equals 275 AUD.

Forrester Names Securiti a Leader in the Privacy Management Wave Q4, 2021

Read the Report
Forrester Wave

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report
IDC MarketScape

At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.


Gartner Cool Vendor Award Forrester Badge IAPP Innovation award 2020 IDC Worldwide Leader RSAC Leader CBInsights Forbes Security Forbes Machine Learning G2 Users Most Likely To Recommend