Privacy Policy

How Legal Aid NSW manages your personal and health information.

This Privacy Policy provides a framework outlining how Legal Aid NSW manages your personal information and health information (referred to collectively as ‘personal information’). We do this in accordance with the privacy principles contained in the Privacy and Personal Information Protection Act 1998 and the Health Records and Information Privacy Act 2002.

Some information will also be protected by other legal obligations, including legal professional privilege and confidentiality provisions under ss 25 and 26 of the Legal Aid Commission Act 1979.

Why we collect your personal information

We collect personal information to:

  • assess eligibility for legal aid
  • provide legal services
  • ensure accountability for the assistance we provide
  • plan and report on our services
  • respond to information requests, answer enquiries and resolve complaints, or
  • recruit and manage staff, where applicable.

If we collect your personal information for another purpose, we will tell you about this at the time we collect the information.

How we collect your personal information

The personal information you provide to us is voluntary, however if it is not provided you may be ineligible to receive a grant of legal aid and other legal services.

We mainly collect your personal information directly from you. This may occur when you:

  • apply for a grant of legal aid or access our legal services
  • contact us to ask for information or update your details
  • make a complaint
  • ask to access information held by us, or
  • apply for a job.

We may also collect your personal information from your lawyer and from other third parties with your consent.

The types of information we collect

The main types of personal information we collect includes:

  • name, address and contact details
  • information about personal, financial, and health circumstances
  • information about legal matters
  • complaints and enquiries
  • staffing and recruitment information, and
  • security footage and incident reports.

We keep your personal information safe

We store your personal information securely to protect it against loss and unauthorised access, use, modification or disclosure and any other misuse.

We destroy your personal information in accordance with our legal obligations

Access to your personal information

You have the right to access your personal information that we hold without delay or expense.

Accuracy and alteration of your personal information

You can request alterations to your personal information if your details change. We will make necessary amendments to ensure that your personal information is accurate, up to date, complete and not misleading.

How we use your personal information

We use your personal information for the purpose for which it was collected, or:

  • for another directly related purpose
  • for another purpose where you have given consent
  • if it is necessary to prevent or lessen a serious and imminent threat to life or health.

How we may contact you

We may use your personal information to contact you by letter, email, and/or phone. You can tell us which of these you prefer.

If you give us your mobile phone number, we might use it to send you text messages (SMS).

When we disclose personal information

We may disclose your personal information to third parties for any of the following reasons:

  • to provide legal services
  • to resolve complaints, or for another purpose where you have given consent, or that you were previously made aware of, or
  • if we are required to share data with researchers or other government agencies for research in the public interest (your personal information will be de-identified for the purpose of any report or publication or other disclosure related to the research)
  • if it is required for law enforcement purposes
  • if it is necessary to prevent or lessen a serious and imminent threat to life or health
  • to otherwise comply with our legal obligations.

Privacy Exemption

We are not required to comply with privacy collection provisions in relation to personal information about a financially associated person or dependant under our Privacy Code of Practice.

Data Breaches

We comply with the Mandatory Notification of Data Breach (MNDB) Scheme. This means we will immediately make all reasonable efforts to contain a data breach. We will undertake an assessment within 30 days where there are reasonable grounds to suspect there may have been an eligible data breach. During this time, we will attempt to mitigate the harm done by the suspected breach. We will notify the Privacy Commissioner and affected individuals of any eligible data breach.

For more information about how we deal with data breaches and comply with the MNDB Scheme please see the Legal Aid NSW Data Breach Policy.

If you have a complaint about privacy

You can contact us if you have a complaint about how we have handled your personal information.

Complaints are handled by our Clients Service Unit. To make a complaint go to Feedback and complaints.

Further information

For more information about how Legal Aid NSW adheres to privacy law please see the Legal Aid NSW Privacy Management Plan 2024 (PDF, 945 kb) or contact the Privacy Officer at:

The Privacy Officer
Legal Aid NSW
323 Castlereagh Street
Haymarket NSW 2000
Telephone (02) 9219 5000

For general information about your right to privacy and the Privacy and Personal Information Protection Act, you can also visit the Information and Privacy Commission NSW website.