The information in this section is for Australian and ACT government Privacy Contact Officers (PCO).
PCOs are the first point of contact for advice on privacy matters related to their agency. The Office of the Australian Information Commissioner (OAIC) strongly encourages each agency to have a PCO.
The OAIC coordinates a network of government privacy and freedom of information contact officers called the Information Contact Officers Network (ICON). If you are a PCO and would like to join ICON, further information is available on the Subscribe page of this website.
You can also contact us to find out who your agency PCO is, or to find out the PCO of another agency.
Who should our agency appoint as PCO?
Make sure you appoint someone of sufficient seniority to be PCO. Generally, an officer below the executive level would have difficulty fulfilling the role. This is because the PCO needs to be involved in many aspects of the agency's operations, including the decision-making processes of the agency.
Generally, the role of the PCO will include:
- participating in the development of new initiatives that have a potential privacy impact
- providing advice on the general application of the Privacy Act 1988 (Privacy Act) to new agency initiatives or to the agency's general operations
- handling, or supervising the handling, of privacy complaints and enquiries
- training staff in aspects of the Privacy Act that apply to their day-to-day activities
- being the primary privacy contact for the Office of the Australian Information Commissioner.
What do I need to know as a PCO?
As a PCO, you need to have a good understanding of the Australian Privacy Principles (APPs) in the Privacy Act. Understanding the APPs will help you provide internal advice on the application of the Privacy Act to your agency's activities and to assess privacy complaints made by individuals.
You should also try to attend ICON meetings to keep abreast of new developments and helpful documents associated with privacy.
Notifying our office of possible breaches
In the event that a data breach occurs in your agency, depending on the severity of the breach, it can be a good idea to inform our office.
The OAIC updated its detailed guidance about Data Breach Notification in April 2012. Please see Data breach notification - A guide to handling personal information security breaches.
For information about when to approach the OAIC for advice, see 'When should a privacy contact officer approach the Office of the Australian Information Commissioner for advice?'