Crown Solicitor's Office

Specialised training

The CSO delivers training exclusively to NSW Government sector employees on privacy law and on the Government Information (Public Access) Act 2009 (GIPA Act) .

All training is delivered face-to-face by CSO experts in the Sydney CBD.

Each course is limited to no more than 22 people to maximise participation and learning outcomes.

Practising solicitors may be able to claim CPD units if these courses extend your knowledge and skills in areas that are relevant to your practice needs or professional development.

NSW privacy law training

The CSO's training courses help individuals working in the NSW Government sector to understand and handle their agency’s obligations under NSW privacy legislation (Privacy and Personal Information Protection Act 1998 and Health Records and Information Privacy Act 2002).

Course information

Introduction to NSW privacy law costs $395 + GST and runs from 9:30 am to 1 pm.

Advanced NSW privacy law and Conducting privacy internal reviews costs $365 + GST and runs from 9:30 am to 12:30 pm.

  • Introduction to NSW privacy law: Thursday 30 April 2026 (course full)
  • Advanced NSW privacy law: Thursday 28 May 2026 (course full)

Registrations for Conducting privacy internal reviews will open in July 2026.

Join the waitlist

Courses for the first half of the year are now full. To join the waitlist for future course dates, complete the individual booking registration form , the group booking registration form, or email csomarketing@cso.nsw.gov.au.

Course dates for the second half of the year will be published by the end of July. To be notfied when registrations open, email csomarketing@cso.nsw.gov.au.

Course outlines and learning outcomes

Introduction to NSW privacy law

Recommended for: anyone working in NSW Government involved in the collection, use or management of records containing personal or health information.

No prior knowledge of the information protection principles and the health privacy principles is assumed.

Course outline

This course provides an overview of the privacy obligations all NSW government agencies must follow, and consequences of non-compliance.

The course will cover the following topics:

  • statutory definition of ‘personal information’ and ‘health information’
  • information protection principles and health privacy principles that address the collection, use, disclosure, access, amendment, retention and security of personal and health information
  • practical legal consequences of breaching an agency’s privacy obligations
  • an agency’s obligations under the Mandatory Notification of Data Breaches scheme
  • key privacy governance documents promoting compliance (including privacy management plans).

Learning outcomes

On completion of this course, participants will:

  • understand the data handling principles that apply to ‘public sector agencies’ and ‘organisations’ under NSW privacy legislation in relation to personal and health information
  • understand the obligations imposed by the Mandatory Notification of Data Breaches scheme
  • recognise practical legal consequences of breaching statutory privacy obligations.
Advanced NSW privacy law

Recommended for: anyone working in NSW Government seeking to develop a deeper understanding of NSW privacy law.

The course assumes participants have a basic knowledge of the information protection principles and the health privacy principles.

Course outline

This course provides a deeper understanding of NSW privacy law, and will cover the following topics:

  • the interaction between the Government Information (Public Access) Act 2009, the Privacy and Personal Information Protection Act 1998 and the Health Records and Information Privacy Act 2002
  • exemptions to the applications of the information protection principles and the health privacy principles
  • other legal mechanisms that can be sought by an agency to avoid breaching the information protection principles and the health privacy principles
  • issues surrounding when conduct should be attributed to a ‘public sector agency’
  • privacy issues surrounding agency projects, activities or initiatives involving another agency’s information.

Learning outcomes

On completion of this course, participants will:

  • recognise exemptions and exceptions to information protection principles and the health privacy principles and where to find them
  • understand legal measures to seek to avoid breaching the information protection principles and health privacy principles
  • recognise key privacy issues impacting projects or activities between agencies or for agencies.
Conducting privacy internal reviews

Recommended for: anyone working in NSW Government who may be directed to deal with an application for internal review under the NSW privacy legislation.

The course assumes participants have a basic knowledge of the information protection principles and the health privacy principles.

Course outline

This course provides practical guidance to those directed to deal with an application for internal review under s. 53 of the Privacy and Personal Information Protection Act 1998.

The course will cover the following topics:

  • determining when a privacy complaint constitutes a valid internal review application
  • setting the scope of the internal review to be conducted
  • conducting the fact-finding investigation of the internal review
  • what the reasons for the internal review should address
  • dealing with querulant applicants
  • setting the timeframes for the internal review process.

Learning outcomes

On completion of this course, participants will:

  • understand good practice and the strategies to employ in conducting an internal review
  • recognise some of the common pitfalls in responding to internal review applications and how to avoid them.

GIPA Act training

The CSO delivers training to help individuals working in the NSW Government sector understand the Government Information (Public Access) Act 2009 (GIPA Act) and its impact on government information sharing.

Course information

Each course costs $510 + GST per person. Each course runs from 9:30 am to 4 pm.

  • Introduction to the GIPA Act: Thursday 23 April 2026 (course full)
  • Advanced GIPA Act training: Thursday 14 May 2026 (course full)

Join the waitlist

Courses for the first half of the year are now full. To join the waitlist for future course dates, complete the individual booking registration form, the group booking registration form, or email csomarketing@cso.nsw.gov.au.

Course dates for the second half of the year will be published by the end of July. To be notfied when registrations open, email csomarketing@cso.nsw.gov.au.

Course outlines and learning outcomes

Introduction to the GIPA Act

Recommended for: NSW Government employees who require an understanding of the GIPA Act and the implications of working under the Act.

It is assumed participants have limited or no experience with the GIPA Act.

Course outline

This course will cover the following topics: 

  • what kind of information is available under the GIPA Act, and how it can be accessed
  • how to process an application for information
  • consulting with third parties
  • how to determine whether there is an ‘overriding public interest against disclosure’
  • preparing decisions under the GIPA Act
  • avenues for seeking review of agency decisions.

The course will engage participants through interactive presentations, group discussions, and case studies based on real problems encountered by government agencies.

Learning outcomes

On completion of this course, participants will understand:

  • what the GIPA Act covers, and what government information may be accessed under the Act
  • how to efficiently process formal and informal GIPA Act applications
  • applicable fees and charges
  • what constitutes an ‘overriding public interest against disclosure’ and how to apply the balancing test
  • avenues of review or appeal of agency decisions.
Advanced GIPA Act training

Recommended for: those who have completed our Introduction to the GIPA Act course, and for those with some experience in applying the GIPA Act.

It is assumed participants have knowledge of the key concepts covered in the Introduction to the GIPA Act course.

Course outline

This course will cover the following topics:

  • the application of the ‘overriding public interest against disclosure’ test in complex cases
  • the operation of the conclusive presumption of an overriding public interest against disclosure
  • the impact of the applicant’s identity and purpose in seeking information under the GIPA Act.

The course will engage participants through interactive presentations, group discussions, and case studies based on real problems encountered by government agencies.

Learning outcomes

On completion of this course, participants will understand:

  • how to manage complex cases
  • their obligations and compliance requirements under the GIPA Act.

Last updated: