Site map
- Home
- About us
- What we do
- Our executive
- Our corporate information
- Annual reports
- Corporate plans
- Key documents
- Budget
- Indexed lists of files
- Government contracts
- Grants and appointments
- Legal services expenditure
- Operational information
- Memorandums of understanding
- Gifts and benefits register
- OAIC international strategy 2020–2021
- Our regulatory approach
- Privacy regulatory action policy
- Guide to privacy regulatory action
- Freedom of information regulatory action policy
- Privacy regulatory priorities 2020-21
- Access our information
- Administrative access to information
- Freedom of information requests to the OAIC
- Our Information Publication Scheme
- Our FOI disclosure log
- Our Privacy Impact Assessment Register
- Join our team
- Translations
- Auslan
- Arabic / العربية
- Chinese / 中文
- Easy English
- Greek / ελληνικός
- Italian / Italiano
- Korean / 한국어
- Russian / Русский
- Spanish / Español
- Thai / ไทย
- Turkish / Türkçe
- Vietnamese / Tiếng Việt
- Contact us
- Privacy
- Your privacy rights
- What is privacy?
- What is a privacy policy?
- Tips to protect your privacy
- Your personal information
- Advertising and marketing
- Children and young people
- Criminal records
- Political parties and elections
- Government agencies
- Employment
- Social media and online privacy
- Surveillance and monitoring
- Tenancy
- Privacy Challenge
- Bushfire emergency
- Privacy complaints
- Before you lodge a complaint with us
- What you can complain about
- Complain to an organisation or agency
- Lodge a privacy complaint with us
- How we investigate and resolve your complaint
- Your complaint review rights
- Online privacy complaint form
- External dispute resolution schemes
- Immigration Data Breach Privacy Complaint
- Health information
- What is health information?
- What is a health service provider?
- Handling health information
- Access your health information
- Correct your health information
- My Health Record
- Credit reporting
- What is credit reporting?
- What is a credit report?
- What stays on a credit report?
- Access your credit report
- Correct your credit report
- Make a credit reporting complaint
- Credit reporting terms
- Repayment history and defaults
- Third-party access to credit report
- Fraud and your credit report
- Commercial credit information
- Hardship assistance
- Information on your credit report
- Data breaches
- What is a data breach?
- What is a notifiable data breach?
- Respond to a data breach notification
- Make a data breach complaint
- Identity fraud
- Data breach support and resources
- Act quickly if you are affected by a data breach
- COVID-19
- The COVIDSafe app and my privacy rights
- The COVIDSafe app and my privacy rights in other languages
- COVID-19: Vaccinations and my privacy rights as an employee
- COVID-19 check-in apps privacy FAQs
- Australian Privacy Principles guidelines
- Summary of version changes to APP guidelines
- Preface
- Chapter A: Introductory matters
- Chapter B: Key concepts
- Chapter C: Permitted general situations
- Chapter D: Permitted health situations
- Chapter 1: APP 1 — Open and transparent management of personal information
- Chapter 2: APP 2 — Anonymity and pseudonymity
- Chapter 3: APP 3 — Collection of solicited personal information
- Chapter 4: APP 4 — Dealing with unsolicited personal information
- Chapter 5: APP 5 — Notification of the collection of personal information
- Chapter 6: APP 6 — Use or disclosure of personal information
- Chapter 7: APP 7 — Direct marketing
- Chapter 8: APP 8 — Cross-border disclosure of personal information
- Chapter 9: APP 9 — Adoption, use or disclosure of government related identifiers
- Chapter 10: APP 10 — Quality of personal information
- Chapter 11: APP 11 — Security of personal information
- Chapter 12: APP 12 — Access to personal information
- Chapter 13: APP 13 — Correction of personal information
- Guidance and advice
- Agency referee reports
- Data breach preparation and response
- De-identification Decision-Making Framework
- Anti-money laundering obligations
- Interactive Privacy Management Plan (for agencies)
- De-identification and the Privacy Act
- Mobile privacy: a better practice guide for mobile app developers
- Guide to developing an APP privacy policy
- Guide to mandatory data breach notification in the My Health Record system
- Guide to securing personal information
- Guide to the Privacy (Persons Reported as Missing) Rule 2014
- Guide to undertaking privacy impact assessments
- Handling privacy complaints
- Privacy public interest determination guide
- What is personal information?
- Guidelines for developing codes
- Guidelines for recognising external dispute resolution schemes
- Guidelines on data matching in Australian Government administration
- Keeping records of disclosures under the Telecommunications Act 1997
- Telecommunications service providers’ obligations arising under the Privacy Act 1988 as a result of Part 5-1A of the Telecommunications (Interception and Access) Act 1979
- Dealing with requests for access to personal information
- Dealing with requests for correction of personal information
- Australian entities and the EU General Data Protection Regulation (GDPR)
- Sending personal information overseas
- Privacy management framework: enabling compliance and encouraging good practice
- Privacy management plan template (for organisations)
- Guide to data analytics and the Australian Privacy Principles
- How to develop an APP privacy policy
- 10 steps to undertaking a privacy impact assessment
- Protecting customers' personal information
- Self-assessment checklist: Privacy obligations under the Data Retention Scheme
- Direct marketing
- Emergencies and disasters
- National Relay Service
- Transfer of financial adviser records
- Centrelink requests for information
- Conducting surveys
- ID scanners
- Posting photos and videos
- The Privacy (Tax File Number) Rule 2015 and the protection of tax file number information
- Individual healthcare identifiers — Compliance obligations for state and territory healthcare providers
- Guide to health privacy
- Privacy action plan for your health practice
- Australian Bushfires Disaster Emergency Declaration — Understanding your privacy obligations
- Data breach action plan for health service providers
- Coronavirus (COVID-19): Understanding your privacy obligations to your staff
- Assessing privacy risks in changed working environments: Privacy Impact Assessments
- Guidance for businesses collecting personal information for contact tracing
- Privacy obligations regarding COVIDSafe and COVID app data
- When do agencies need to conduct a privacy impact assessment?
- Rule 42 guidance
- Guidance for state and territory health authorities regarding COVIDSafe and COVID app data
- Coronavirus (COVID-19) Vaccinations: Understanding your privacy obligations to your staff
- National COVID-19 Privacy Principles
- Guidelines for state and territory governments – Creating nationally consistent requirements to collect personal information for contact tracing purposes
- My Health Record
- Privacy impact assessment tool
- Notifiable data breaches
- About the Notifiable Data Breaches scheme
- When to report a data breach
- Report a data breach
- Notifiable data breaches statistics
- Preventing data breaches: advice from the Australian Cyber Security Centre
- Privacy for government agencies
- Privacy for organisations
- Rights and responsibilities
- Credit reporting
- Employee records exemption
- Guidance and advice
- Privacy by design
- Selling a business
- Small business
- Sporting clubs
- Start-ups
- Tips for good privacy practice
- Trading in personal information
- Privacy for health service providers
- Privacy impact assessments
- Training resources
- e-learning: Undertaking a privacy impact assessment
- e-learning: Privacy in Practice
- Webinar: Preparing your agency’s Privacy Management Plan
- Webinar: Privacy and registered training organisations — lessons from an OAIC privacy assessment
- Webinar: First year of the Notifiable Data Breaches scheme
- Webinar: Notifiable Data Breaches scheme RACGP and OAIC eHealth webinar
- Webinar: Preventing data breaches with OAIC and Tax Practitioners Board
- The Privacy Act
- Rights and responsibilities
- Review of the Privacy Act
- History of the Privacy Act
- Commissioner-initiated investigations
- Privacy regulations
- Rules and guidelines
- Credit reporting
- Health and medical research
- Tax file numbers
- Privacy assessment powers
- Australian Privacy Principles
- Read the Australian Privacy Principles
- Australian Privacy Principles quick reference
- Australian Privacy Principles Guidelines
- Other legislation
- Anti-money laundering
- Criminal records
- Government data matching
- Healthcare identifiers
- Medicare and pharmaceutical benefits
- My Health Record
- Personal Property Securities Register
- Telecommunications
- Privacy in your state
- Privacy decisions
- Privacy registers
- Privacy codes register
- Public interest determinations register
- Privacy opt-in register
- Recognised external dispute resolution (EDR) schemes register
- Data matching exemptions register
- Classes of lawful tax file number recipients
- Privacy assessments
- Freedom of information
- Your FOI rights
- What is freedom of information?
- What is a document?
- Access information under FOI
- Correct your personal information under FOI
- When an FOI request affects you
- FOI and COVID-19 FAQs
- Requesting official documents held by a minister
- How to make an FOI request
- Accessing agency information
- Reviews and complaints
- Internal review
- Information Commissioner review
- Make an FOI complaint
- How we handle an FOI complaint
- How to access Australian Government information
- Guidance and advice
- Administrative access
- Documents held by government contractors
- Making a decision on an FOI access request
- Extension of time for processing requests
- Exemptions and conditional exemptions under the Freedom of Information Act 1982
- Information Publication Scheme (IPS) and Disclosure Log determinations policy and procedure
- Icons for agency websites — ‘Access to information’, Information Publication Scheme and FOI Disclosure Log
- Guidance for agency websites: ‘Access to information’ web page
- Personal and business information — third-party review rights
- Processing requests for amendment or annotation of personal records
- Public holidays and agency shut-down periods — Calculating timeframes under the Freedom of Information Act 1982
- Sample FOI notices
- Statement of reasons checklist
- Twelve tips for FOI decision makers
- Information Publication Scheme (IPS) and Disclosure Log
- Defining an agency
- FOI Guide
- FOIstats guide
- Calculating and imposing charges for FOI access requests
- Who qualifies as a ‘person’ eligible to make a request under s 15 of the Freedom of Information Act 1982?
- Information Publication Scheme overview for Senior Executive Staff
- Processing FOI requests: taking all reasonable steps to find documents
- Disclosure of public servants’ name and contact details in response to FOI requests
- Fact sheet for FOI practitioners to provide to agency staff
- Frequently asked questions
- Are agencies obliged to give applicants information in the form they request?
- Can a request be transferred to or by a minister?
- Do documents have to be released at the same time a decision is notified?
- How do administrative access schemes interact with the proactive disclosure requirements?
- How far should an agency search for a document?
- How long does an agency have to process an freedom of information request?
- Is the decision to publish information in the disclosure log or the Information Publication Scheme a decision that the Information Commissioner can review?
- Should an agency consult anyone else before releasing a document?
- What is personal information and how does it interact with the Freedom of Information Act 1982?
- What are agencies’ obligations with regard to Commonwealth contracts?
- What are the criteria for a vexatious applicant declaration?
- What decisions can the Administrative Appeals Tribunal review?
- What does information ‘routinely provided to parliament’ include for the purposes of the Information Publication Scheme?
- What freedom of information statistics do agencies and ministers need to produce?
- What happens if a request doesn’t comply with the requirements under the Freedom of Information Act 1982?
- What is a disclosure log?
- What is an agency’s role during an Information Commissioner review?
- What is considered a document under the Freedom of Information Act 1982?
- What is ’operational information’ for the purposes of the Information Publication Scheme?
- What is the difference between a complaint and an application for review of a freedom of information decision?
- What is the difference between an exemption and a conditional exemption?
- What protections does the Freedom of Information Act provide from civil liability and breach of copyright?
- When will something be ’unreasonable’ to publish under section 11C and under the Information Publication Scheme?
- Will the Information Commissioner issue a tool to assist agencies to calculate charges?
- Will the Information Commissioner issue guidance on records management?
- How can agencies meet statutory timeframes during the COVID-19 pandemic?
- The FOI Act
- FOI Guidelines
- Summary of version changes to s 93A guidelines
- Part 1 — Introduction to the Freedom of Information Act 1982
- Part 2 — Scope of application of the Freedom of Information Act 1982
- Part 3 — Processing and deciding on requests for access
- Part 4 — Charges for providing access
- Part 5 — Exemptions
- Part 6 — Conditional exemptions
- Part 7 — Amendment and annotation of personal records
- Part 8 — This Part has been superseded and the content moved to Part 3
- Part 9 — Internal agency review of decisions
- Part 10 — Review by the Information Commissioner
- Part 11 — Investigations and complaints
- Part 12 — Vexatious applicant declarations
- Part 13 — Information publication scheme
- Part 14 — Disclosure log
- Part 15 — Reporting
- Glossary
- Information Commissioner decisions
- Information Commissioner review decisions
- Vexatious applicant declarations
- Freedom of information investigation outcomes
- FOI reports
- DIAC response to OMI report on processing of non-routine FOI requests
- Processing of non-routine FOI requests by the Department of Immigration and Citizenship
- FOI at the Department of Human Services
- Review of charges under the Freedom of Information Act 1982: Report to the Attorney-General
- Commissioner-initiated investigation into the Department of Home Affairs
- Reviews
- Internal review
- Review of decisions made under the Freedom of Information Act 1982
- Information Commissioner review process
- Direction as to certain procedures to be followed in IC reviews
- Information Commissioner review decisions
- Quick guide: Information Commissioner review direction for applicants
- Direction as to certain procedures to be followed by applicants in Information Commissioner reviews
- Information Publication Scheme
- FOI Essentials
- Information policy
- What is information policy?
- Open government
- Issues papers
- Issues Paper 1: Towards an Australian Government Information Policy
- Issues Paper 1: submissions
- Issues Paper 2: Understanding the value of public sector information in Australia
- Information policy resources
- Open data quick wins — getting the most out of agency publications
- Principles on open public sector information
- Access to and Use of Public Sector Information: The Academic Re-user Perspective
- Principles on open public sector information: Report on review and development of principles
- Open public sector information: from principles to practice
- Open public sector information: government in transition
- Consumer Data Right
- What is the Consumer Data Right?
- What is CDR data?
- CDR privacy and security
- CDR privacy safeguards
- Managing your CDR data
- CDR complaints
- How to make a CDR complaint
- Before you lodge a complaint with us
- What you can complain to us about
- How we investigate and resolve your complaint
- Your complaint review rights
- CDR resources in other languages
- حقوق بيانات المستهلك وخصوصيتك
- 消费者数据权和您的隐私
- 消費者資料權和您的隱私
- Σύστημα Δικαιωμάτων Καταναλωτή στα Προσωπικά του Δεδομένα και Προστασία των Προσωπικών σας Δεδομένων
- उपभोक्ता डेटा अधिकार और आपकी गोपनीयता
- Diritto ai dati dei consumatori e alla privacy
- ਗਾਹਕ ਡਾਟਾ ਸਬੰਧੀ ਹੱਕ ਅਤੇ ਤੁਹਾਡੀ ਨਿੱਜਤਾ
- Derecho a la Información del Consumidor y su privacidad
- สิทธิในข้อมูลผู้บริโภคและความเป็นส่วนตัวของคุณ
- Quyền Dữ Liệu Người Tiêu Dùng và quyền riêng tư của bạn
- Protecting your CDR data
- CDR Privacy Safeguard Guidelines
- Summary of version changes to CDR Privacy Safeguard Guidelines
- Chapter A: Introductory matters
- Chapter B: Key concepts
- Chapter C: Consent — The basis for collecting and using CDR data
- Chapter 1: Privacy Safeguard 1 — Open and transparent management of CDR data
- Chapter 2: Privacy Safeguard 2 — Anonymity and pseudonymity
- Chapter 3: Privacy Safeguard 3 — Seeking to collect CDR data from CDR participants
- Chapter 4: Privacy Safeguard 4 — Dealing with unsolicited CDR data from CDR participants
- Chapter 5: Privacy Safeguard 5 — Notifying of the collection of CDR data
- Chapter 6: Privacy Safeguard 6 — Use or disclosure of CDR data by accredited data recipients or designated gateways
- Chapter 7: Privacy Safeguard 7 — Use or disclosure of CDR data for direct marketing by accredited data recipients or designated gateways
- Chapter 8: Privacy Safeguard 8 — Overseas disclosure of CDR data by accredited data recipients
- Chapter 9: Privacy Safeguard 9 — Adoption or disclosure of government related identifiers by accredited data recipients
- Chapter 10: Privacy Safeguard 10 — Notifying of the disclosure of CDR data
- Chapter 11: Privacy Safeguard 11 — Quality of CDR data
- Chapter 12: Privacy Safeguard 12 — Security of CDR data and destruction or de-identification of redundant CDR data
- Chapter 13: Privacy Safeguard 13 — Correction of CDR data
- Guidance and advice
- Guide to developing a CDR policy
- Guide to privacy for data holders
- Privacy FAQs for accredited data recipient customers
- CDR data
- CDR participants
- Privacy obligations
- Consumer consent and authorisation
- Consumer dashboards
- Consumer complaints
- CDR legislation
- CDR regulation
- Privacy safeguards
- CDR Regulatory Action Policy
- Compliance and Enforcement Policy
- CDR and the Privacy Act
- Updates
- Engage with us
- About our site