Skip to main content

Privacy Statement

This Privacy Statement outlines how the Office of the Independent Review Officer (IRO) manages your personal information and health information (referred to collectively as ‘personal information’). We do this in accordance with the information protection principles contained in the Privacy and Personal Information Protection Act 1998 and the health privacy principles contained in the Health Records and Information Privacy Act 2002.

What the IRO does

The roles of the Independent Review Officer and the IRO include:

  • helping injured workers and persons injured in motor vehicle accidents to find solutions to complaints about insurers
  • providing funding to approved lawyers to assist injured workers pursue their compensation entitlements.

Why we collect your personal information

We collect personal information to assist us to perform these roles including to:

  • respond to information requests, answer enquiries and resolve complaints
  • assess eligibility for legal funding
  • plan and report on our services
  • use feedback from you to help us identify opportunities for us to improve our service delivery.

If we collect your personal information for another purpose, we will tell you about this at the time we collect the information.

How we collect your personal information

Personal information may be collected in a number of ways, including:

  • directly from you when you make a complaint about an insurer or make an enquiry about a claim or entitlements
  • from your lawyer when they seek a grant of funding to assist you and at any time while the grant is open
  • from your insurer
  • from a third party as part of the legal funding process.

We will only collect your personal information with your consent. However, we require certain information to allow us to provide services to you. If you decline to provide us with this information, we may not be able to assist you with your complaint and your lawyer may be ineligible to receive a grant of funding on your behalf.

The types of personal information we collect

The main types of personal information we collect include:

  • name, address, date of birth and contact details
  • information about your injury, treatment and health circumstances
  • information about your working arrangements and income.

How we keep your personal information safe

The IRO is a paperless office and stores all information electronically. All files have unique identifiers and are protected by passwords. Only authorised persons are able to access your personal information.

Access to your personal information

You are entitled to seek access to your personal or health information held by the IRO. Where this information has been provided to the IRO by your lawyer, insurer or a third party, we will ask that you request the third party to provide access to the information in the first instance.

Accuracy and alteration of your personal information

You can request alterations to your personal information if your details change. You can do this by sending an email to

When we disclose personal information

We may disclose your personal information to third parties to:

  • resolve complaints, or for another purpose where you have given consent, or that you were previously made aware of
  • if we are asked to share information with other organisations or government agencies according to law or for a lawful purpose
  • to otherwise comply with our legal obligations
  • inform our continuous service delivery improvement efforts.

We may disclose your personal information to the State Insurance Regulatory Authority (SIRA) to enable SIRA and us to perform our legislative functions.

How we use your personal information 

Some de-identified information from complaints and grant applications may be used in education and awareness programs, public statements and training, but never in a way that would compromise an individual’s identity. 

IRO surveys 

Sometimes, the IRO seeks voluntary completion of surveys on its services, advice and publications. These surveys may collect different kinds of demographic data. The IRO ensures any proposed survey or other kind of collection complies with the PPIP Act and HRIP Act. 

Third party providers may distribute these surveys on behalf of the IRO. The IRO ensures that these providers have appropriate privacy policies in place, apply the relevant privacy principles and collect and store information in a secure environment.

If you agree to participate in a survey on IRO’s services, you may decide to give us personal information, such as contact details, personal opinions, stories, accounts of your experience and backgrounds. The IRO may ask for further personal information, but only to clarify the issue being raised. 


Audits and reporting

The IRO may use information collected to conduct internal audits and in quality assurance processes that the IRO may be required to undertake as part of its audit and reporting obligations, as authorised or required by law, and to inform our continuous service delivery improvement efforts.

If you have a complaint about privacy

You can contact us if you have a complaint about how we have handled your personal information. We aim to resolve complaints quickly and fairly. If you make a complaint, the IRO will work with you to resolve your complaint and keep you informed of its progress. 

Our website provides information on how to make a complaint.

For further information

The IRO is an independent office and agency within the Customer Service cluster. 

For more information about how the IRO adheres to privacy law please refer to the IRO Privacy Management Plan.  

For general information about your right to privacy and the PPIP Act, you can also visit the Information and Privacy Commission (NSW) website

The Mandatory Notification of Data Breach Scheme commenced in NSW on 28 November 2023. For more information, please refer to the IRO Data Breach Policy