Privacy

Our commitment to you

We care about your privacy. You have the right to know the information that we collect, the purpose for which it is collected, how the information is used and to whom, if anyone, the information is disclosed.

If you have a privacy enquiry or complaint
Email privacy@sydneywater.com.au or write to Privacy Manager, Sydney Water, PO Box 399, Parramatta NSW 2124.


Our privacy standards 

Our privacy standards are set out in the Privacy and Personal Information Protection Act 1998 (PPIP Act) and the Health Records and Information Privacy Act 2002 (HRIP Act).

  • Our Privacy Management Plan describes how we fulfil our obligations under the privacy legislation.
  • Our Data breach policy is part of the Mandatory Notification of Data Breach Scheme (MNDB Scheme), which commenced on 28 November 2023. This policy explains how we will handle a data breach containing personal or health information. Our obligations under the MNDB Scheme also include having a Public Notification Register.
  • Our privacy statement outlines our commitment to protecting your privacy and ensuring your personal and health information is managed according to law.

How to access or amend personal or health information

The PPIP Act and the HRIP Act give individuals the right to access and amend their own information.

You can call us on 13 20 92 8am–5:30pm Monday to Friday (except public holidays), or contact us online. If you're registered with My Account, you can log in to My Account to see your account-related information.

In all other circumstances, you can:

If none of the circumstances described above are relevant, you should consider enquiring under the GIPA Act. You can find out more about access to information.
 

Privacy on our website

We use analytics systems like Google Analytics and Adobe Analytics to gather information about visitor activity on our website. We don't use these systems to identify you. We use them to aggregate results. This helps us to evaluate and improve our services, and make our services easier for you to use.

Our website also contains third-party cookies and pixels that social media providers use to collect information about their members' activities on our website. We use this data in aggregated form to evaluate our online activities. For example, what kinds of audiences engage with our social media campaigns.

When you use our website, some information is logged automatically. This includes:

  • your operating system
  • your IP address
  • your device and browser type
  • what city you're in
  • how long you spend on our website
  • which pages, documents and videos you viewed.

We take measures to protect ourselves from malicious activities on our website, like Google reCAPTCHA challenges.

Google and Meta also use information from sites and apps that use their services.
 

If you think an email or SMS is a hoax or scam

We'll never contact you by email or SMS and ask for personal information such as your password, username, or credit card or bank account details. If you receive an email or SMS from Sydney Water you think may be a scam or hoax, don't respond to it. Please check. Call us on 13 20 92 8am–5:30pm Monday to Friday (except public holidays).


How we notify you if there's a data breach

We'll make every effort to notify you personally if your personal or health information is breached. If we can't notify you personally, you'll be able to find details of the data breach in our Public Notification Register. You can find out more from our Data breach policy.
 

Our Public Notification Register

For affected customers we can't notify individually, we maintain a Public Notification Register. We'll publish details of data breaches in this Register.

We'll record the following details unless they contain personal information or they would prejudice Sydney Water's functions:

  • date of breach
  • description of breach
  • how the breach occurred
  • the type of breach (unauthorised disclosure, access or loss of information)
  • the kind of information involved
  • how long the information was disclosed for
  • action taken or planned to contain or mitigate any harm to individuals or secure the data
  • any recommended actions that affected individuals take themselves (if any)
  • how to make a privacy complaint
  • the name of the agency responsible for the breach
  • the name of any other NSW government agency involved in the breach (if any)
  • contact details to speak to someone about the breach.