Skip to main content

Privacy and FOI advice for the COVID-19 pandemic. Learn more

OAIC - Australian Government - Office of the Australian Information Commissioner
  • Make a privacy complaint
  • Report a data breach
  • Apply for an FOI review
  • Contact us

Main menu

Close
  • About us
    • What we do
    • Our executive
    • Our corporate information
    • Our regulatory approach
    • Access our information
    • Join our team
    • Translations
    • Contact us
  • Privacy
    • For individuals
      • Your privacy rights
      • Privacy complaints
      • Health information
      • Credit reporting
      • Data breaches
      • COVID-19
    • For organisations and agencies
      • Australian Privacy Principles guidelines
      • Guidance and advice
      • Notifiable data breaches
      • Privacy for government agencies
      • Privacy for organisations
      • Privacy for health service providers
      • Training resources
    • Law
      • The Privacy Act
      • Australian Privacy Principles
      • Other legislation
      • Privacy in your state
      • Privacy decisions
      • Privacy registers
      • Privacy assessments
  • Freedom of information
    • For individuals
      • Your FOI rights
      • How to make an FOI request
      • Accessing agency information
      • Reviews and complaints
      • How to access Australian Government information
    • For agencies
      • Guidance and advice
      • Frequently asked questions
      • Reviews
      • Information Publication Scheme
      • FOI Essentials
    • Law
      • The FOI Act
      • FOI Guidelines
      • Information Commissioner decisions
      • FOI reports
  • Information policy
    • What is information policy?
    • Open government
    • Issues papers
    • Information policy resources
  • Consumer Data Right
    • For consumers
      • What is the Consumer Data Right?
      • What is CDR data?
      • Managing your CDR data
      • Protecting your CDR data
      • CDR complaints
      • More CDR information
      • CDR resources in other languages
    • For participants
      • CDR Privacy Safeguard Guidelines
      • Guidance and advice
      • CDR data
      • CDR participants
      • Privacy obligations
      • Consumer consent and authorisation
      • Consumer dashboards
      • Consumer complaints
    • Law
      • CDR legislation
      • CDR regulation
      • Privacy safeguards
      • CDR Regulatory Action Policy
      • Compliance and Enforcement Policy
      • CDR and the Privacy Act
Home /
Listen to this page ?ReadSpeaker help

Site map

  • Home
  • About us
    • What we do
    • Our executive
      • Our structure
    • Our corporate information
      • Annual reports
      • Corporate plans
      • Key documents
      • Budget
      • Indexed lists of files
      • Government contracts
      • Grants and appointments
      • Legal services expenditure
      • Operational information
      • Memorandums of understanding
      • Gifts and benefits register
      • OAIC international strategy 2020–2021
    • Our regulatory approach
      • Privacy regulatory action policy
      • Guide to privacy regulatory action
      • Freedom of information regulatory action policy
      • Privacy Regulatory Priorities 2020-21
    • Access our information
      • Administrative access to information
      • Freedom of information requests to the OAIC
      • Our Information Publication Scheme
      • Our FOI disclosure log
      • Our Privacy Impact Assessment Register
    • Join our team
      • APS5 Assistant Review and Investigation Adviser (Legal) APS6 Review Adviser (Legal)
      • APS 5, APS 6 and EL 1 Investigations and Dispute Resolution Roles – Multiple positions
      • Executive Level 2, Director FOI
    • Translations
      • Auslan
      • Arabic / العربية
      • Chinese / 中文
      • Greek / ελληνικός
      • Italian / Italiano
      • Korean / 한국어
      • Russian / Русский
      • Spanish / Español
      • Thai / ไทย
      • Turkish / Türkçe
      • Vietnamese / Tiếng Việt
    • Contact us
  • Privacy
    • Your privacy rights
      • What is privacy?
      • What is a privacy policy?
      • Tips to protect your privacy
      • Your personal information
      • Advertising and marketing
      • Children and young people
      • Criminal records
      • Political parties and elections
      • Government agencies
      • Employment
      • Social media and online privacy
      • Surveillance and monitoring
      • Tenancy
      • Privacy Challenge
      • Bushfire emergency
    • Privacy complaints
      • Before you lodge a complaint with us
      • What you can complain about
      • Complain to an organisation or agency
      • Lodge a privacy complaint with us
      • How we investigate and resolve your complaint
      • Your complaint review rights
      • Online privacy complaint form
      • External dispute resolution schemes
      • Immigration Data Breach Privacy Complaint
    • Health information
      • What is health information?
      • What is a health service provider?
      • Handling health information
      • Access your health information
      • Correct your health information
      • My Health Record
    • Credit reporting
      • What is credit reporting?
      • What is a credit report?
      • What stays on a credit report?
      • Access your credit report
      • Correct your credit report
      • Make a credit reporting complaint
      • Credit reporting terms
      • Repayment history and defaults
      • Third-party access to credit report
      • Fraud and your credit report
      • Commercial credit information
      • Hardship assistance
      • Information on your credit report
    • Data breaches
      • What is a data breach?
      • What is a notifiable data breach?
      • Respond to a data breach notification
      • Make a data breach complaint
      • Identity fraud
      • Data breach support and resources
    • COVID-19
      • The COVIDSafe app and my privacy rights
      • The COVIDSafe app and my privacy rights in other languages
    • Australian Privacy Principles guidelines
      • Summary of version changes to APP guidelines
      • Preface
      • Chapter A: Introductory matters
      • Chapter B: Key concepts
      • Chapter C: Permitted general situations
      • Chapter D: Permitted health situations
      • Chapter 1: APP 1 — Open and transparent management of personal information
      • Chapter 2: APP 2 — Anonymity and pseudonymity
      • Chapter 3: APP 3 — Collection of solicited personal information
      • Chapter 4: APP 4 — Dealing with unsolicited personal information
      • Chapter 5: APP 5 — Notification of the collection of personal information
      • Chapter 6: APP 6 — Use or disclosure of personal information
      • Chapter 7: APP 7 — Direct marketing
      • Chapter 8: APP 8 — Cross-border disclosure of personal information
      • Chapter 9: APP 9 — Adoption, use or disclosure of government related identifiers
      • Chapter 10: APP 10 — Quality of personal information
      • Chapter 11: APP 11 — Security of personal information
      • Chapter 12: APP 12 — Access to personal information
      • Chapter 13: APP 13 — Correction of personal information
    • Guidance and advice
      • Agency referee reports
      • Data breach preparation and response
      • De-identification Decision-Making Framework
      • Anti-money laundering obligations
      • Interactive Privacy Management Plan (for agencies)
      • De-identification and the Privacy Act
      • Mobile privacy: a better practice guide for mobile app developers
      • Guide to developing an APP privacy policy
      • Guide to mandatory data breach notification in the My Health Record system
      • Guide to securing personal information
      • Guide to the Privacy (Persons Reported as Missing) Rule 2014
      • Guide to undertaking privacy impact assessments
      • Handling privacy complaints
      • Privacy public interest determination guide
      • What is personal information?
      • Guidelines for developing codes
      • Guidelines for recognising external dispute resolution schemes
      • Guidelines on data matching in Australian Government administration
      • Keeping records of disclosures under the Telecommunications Act 1997
      • Telecommunications service providers’ obligations arising under the Privacy Act 1988 as a result of Part 5-1A of the Telecommunications (Interception and Access) Act 1979
      • Dealing with requests for access to personal information
      • Dealing with requests for correction of personal information
      • Australian entities and the EU General Data Protection Regulation (GDPR)
      • Sending personal information overseas
      • Privacy management framework: enabling compliance and encouraging good practice
      • Privacy management plan template (for organisations)
      • Guide to data analytics and the Australian Privacy Principles
      • How to develop an APP privacy policy
      • 10 steps to undertaking a privacy impact assessment
      • Protecting customers' personal information
      • Self-assessment checklist: Privacy obligations under the Data Retention Scheme
      • Direct marketing
      • Emergencies and disasters
      • National Relay Service
      • Transfer of financial adviser records
      • Centrelink requests for information
      • Conducting surveys
      • ID scanners
      • Posting photos and videos
      • The Privacy (Tax File Number) Rule 2015 and the protection of tax file number information
      • Individual healthcare identifiers — Compliance obligations for state and territory healthcare providers
      • Guide to health privacy
      • Privacy action plan for your health practice
      • Australian Bushfires Disaster Emergency Declaration — Understanding your privacy obligations
      • Data breach action plan for health service providers
      • Coronavirus (COVID-19): Understanding your privacy obligations to your staff
      • Assessing privacy risks in changed working environments: Privacy Impact Assessments
      • Guidance for businesses collecting personal information for contact tracing
      • Privacy obligations regarding COVIDSafe and COVID app data
      • When do agencies need to conduct a privacy impact assessment?
      • Rule 42 guidance
      • Guidance for state and territory health authorities regarding COVIDSafe and COVID app data
      • Coronavirus (COVID-19) Vaccinations: Understanding your privacy obligations to your staff
    • Notifiable data breaches
      • About the Notifiable Data Breaches scheme
      • When to report a data breach
      • Report a data breach
      • Notifiable data breaches statistics
      • Preventing data breaches: advice from the Australian Cyber Security Centre
    • Privacy for government agencies
      • Australian Government Agencies Privacy Code
      • Privacy Code checklist
      • Privacy Officer Toolkit
    • Privacy for organisations
      • Rights and responsibilities
      • Credit reporting
      • Employee records exemption
      • Guidance and advice
      • Privacy by design
      • Selling a business
      • Small business
      • Sporting clubs
      • Start-ups
      • Tips for good privacy practice
      • Trading in personal information
    • Privacy for health service providers
      • Guide to health privacy
      • Privacy action plan for your health practice
      • My Health Record
      • Data breach action plan for health service providers
      • Individual healthcare identifiers
      • Guidance and advice
      • Communications with patients
      • Taking photos of patients
    • Training resources
      • e-learning: Undertaking a privacy impact assessment
      • e-learning: Privacy in Practice
      • Webinar: Preparing for the Notifiable Data Breaches scheme
      • Webinar: Preparing your agency’s Privacy Management Plan
      • Webinar: Privacy and registered training organisations — lessons from an OAIC privacy assessment
      • Webinar: First year of the Notifiable Data Breaches scheme
      • Webinar: Notifiable Data Breaches scheme RACGP and OAIC eHealth webinar
    • The Privacy Act
      • Rights and responsibilities
      • Review of the Privacy Act
      • Credit reporting
      • Health and medical research
      • History of the Privacy Act
      • Privacy regulations
      • Rules and guidelines
      • Tax file numbers
      • Australian Government Privacy Act Review
    • Australian Privacy Principles
      • Read the Australian Privacy Principles
      • Australian Privacy Principles quick reference
      • Australian Privacy Principles Guidelines
    • Other legislation
      • Anti-money laundering
      • Criminal records
      • Government data matching
      • Healthcare identifiers
      • Medicare and pharmaceutical benefits
      • My Health Record
      • Personal Property Securities Register
      • Telecommunications
    • Privacy in your state
      • Privacy in the ACT
    • Privacy decisions
      • Privacy determinations
      • Enforceable undertakings
      • Investigation reports
      • Privacy complaint outcomes
    • Privacy registers
      • Privacy codes register
      • Public interest determinations register
      • Privacy opt-in register
      • Recognised external dispute resolution (EDR) schemes register
      • Data matching exemptions register
      • Classes of lawful tax file number recipients
    • Privacy assessments
  • Freedom of information
    • Your FOI rights
      • What is freedom of information?
      • What is a document?
      • Access information under FOI
      • Correct your personal information under FOI
      • When an FOI request affects you
      • FOI and COVID-19 FAQs
    • How to make an FOI request
      • When to expect a decision
      • What charges may apply?
      • Extensions of time
    • Accessing agency information
      • Disclosure logs
      • Information Publication Scheme
    • Reviews and complaints
      • Internal review
      • Information Commissioner review
      • Make an FOI complaint
      • How we handle an FOI complaint
    • How to access Australian Government information
    • Guidance and advice
      • Administrative access
      • Documents held by government contractors
      • Making a decision on an FOI access request
      • Extension of time for processing requests
      • Exemptions and conditional exemptions under the Freedom of Information Act 1982
      • Information Publication Scheme (IPS) and Disclosure Log determinations policy and procedure
      • Icons for agency websites — ‘Access to information’, Information Publication Scheme and FOI Disclosure Log
      • Guidance for agency websites: ‘Access to information’ web page
      • Personal and business information — third-party review rights
      • Processing requests for amendment or annotation of personal records
      • Public holidays and agency shut-down periods — Calculating timeframes under the Freedom of Information Act 1982
      • Sample FOI notices
      • Statement of reasons checklist
      • Twelve tips for FOI decision makers
      • Information Publication Scheme (IPS) and Disclosure Log
      • Defining an agency
      • FOI Guide
      • FOIstats guide
      • Calculating and imposing charges for FOI access requests
      • Who qualifies as a ‘person’ eligible to make a request under s 15 of the Freedom of Information Act 1982?
      • Information Publication Scheme overview for Senior Executive Staff
      • Processing FOI requests: taking all reasonable steps to find documents
      • Disclosure of public servants’ name and contact details in response to FOI requests
      • Fact sheet for FOI practitioners to provide to agency staff
    • Frequently asked questions
      • Are agencies obliged to give applicants information in the form they request?
      • Can a request be transferred to or by a minister?
      • Do documents have to be released at the same time a decision is notified?
      • How do administrative access schemes interact with the proactive disclosure requirements?
      • How far should an agency search for a document?
      • How long does an agency have to process an freedom of information request?
      • Is the decision to publish information in the disclosure log or the Information Publication Scheme a decision that the Information Commissioner can review?
      • Should an agency consult anyone else before releasing a document?
      • What is personal information and how does it interact with the Freedom of Information Act 1982?
      • What are agencies’ obligations with regard to Commonwealth contracts?
      • What are the criteria for a vexatious applicant declaration?
      • What decisions can the Administrative Appeals Tribunal review?
      • What does information ‘routinely provided to parliament’ include for the purposes of the Information Publication Scheme?
      • What freedom of information statistics do agencies and ministers need to produce?
      • What happens if a request doesn’t comply with the requirements under the Freedom of Information Act 1982?
      • What is a disclosure log?
      • What is an agency’s role during an Information Commissioner review?
      • What is considered a document under the Freedom of Information Act 1982?
      • What is ’operational information’ for the purposes of the Information Publication Scheme?
      • What is the difference between a complaint and an application for review of a freedom of information decision?
      • What is the difference between an exemption and a conditional exemption?
      • What is the role of the Commonwealth Ombudsman in complaints about freedom of information matters?
      • What protections does the Freedom of Information Act provide from civil liability and breach of copyright?
      • When will something be ’unreasonable’ to publish under section 11C and under the Information Publication Scheme?
      • Will the Information Commissioner issue a tool to assist agencies to calculate charges?
      • Will the Information Commissioner issue guidance on records management?
      • How can agencies meet statutory timeframes during the COVID-19 pandemic?
    • The FOI Act
      • Rights and responsibilities
      • FOI regulations
      • FOI determinations
      • Other FOI jurisdictions
    • FOI Guidelines
      • Summary of version changes to s 93A guidelines
      • Part 1 — Introduction to the Freedom of Information Act 1982
      • Part 2 — Scope of application of the Freedom of Information Act 1982
      • Part 3 — Processing and deciding on requests for access
      • Part 4 — Charges for providing access
      • Part 5 — Exemptions
      • Part 6 — Conditional exemptions
      • Part 7 — Amendment and annotation of personal records
      • Part 8 — This Part has been superseded and the content moved to Part 3
      • Part 9 — Internal agency review of decisions
      • Part 10 — Review by the Information Commissioner
      • Part 11 — Investigations and complaints
      • Part 12 — Vexatious applicant declarations
      • Part 13 — Information publication scheme
      • Part 14 — Disclosure log
      • Part 15 — Reporting
      • Glossary
    • Information Commissioner decisions
      • Information Commissioner review decisions
      • Vexatious applicant declarations
      • Freedom of information investigation outcomes
    • FOI reports
      • DIAC response to OMI report on processing of non-routine FOI requests
      • Processing of non-routine FOI requests by the Department of Immigration and Citizenship
      • FOI at the Department of Human Services
      • Review of charges under the Freedom of Information Act 1982: Report to the Attorney-General
      • Commissioner-initiated investigation into the Department of Home Affairs
    • Reviews
      • Internal review
      • Review of decisions made under the Freedom of Information Act 1982
      • Information Commissioner review process
      • Direction as to certain procedures to be followed in IC reviews
      • Information Commissioner review decisions
    • Information Publication Scheme
      • Information Publication Scheme survey 2018
      • Information Publication Scheme survey 2012
    • FOI Essentials
  • Information policy
    • What is information policy?
    • Open government
    • Issues papers
      • Issues Paper 1: Towards an Australian Government Information Policy
      • Issues Paper 1: submissions
      • Issues Paper 2: Understanding the value of public sector information in Australia
    • Information policy resources
      • Open data quick wins — getting the most out of agency publications
      • Principles on open public sector information
      • Access to and Use of Public Sector Information: The Academic Re-user Perspective
      • Principles on open public sector information: Report on review and development of principles
      • Open public sector information: from principles to practice
      • Open public sector information: government in transition
  • Consumer Data Right
    • What is the Consumer Data Right?
    • What is CDR data?
    • Managing your CDR data
    • Protecting your CDR data
    • CDR complaints
      • How to complain to a CDR provider
      • Before you lodge a complaint with us
      • What you can complain to us about
      • How we investigate and resolve your complaint
      • Your complaint review rights
    • More CDR information
    • CDR resources in other languages
      • حقوق بيانات المستهلك وخصوصيتك
      • 消费者数据权和您的隐私
      • 消費者資料權和您的隱私
      • Σύστημα Δικαιωμάτων Καταναλωτή στα Προσωπικά του Δεδομένα και Προστασία των Προσωπικών σας Δεδομένων
      • उपभोक्ता डेटा अधिकार और आपकी गोपनीयता
      • Diritto ai dati dei consumatori e alla privacy
      • ਗਾਹਕ ਡਾਟਾ ਸਬੰਧੀ ਹੱਕ ਅਤੇ ਤੁਹਾਡੀ ਨਿੱਜਤਾ
      • Derecho a la Información del Consumidor y su privacidad
      • สิทธิในข้อมูลผู้บริโภคและความเป็นส่วนตัวของคุณ
      • Quyền Dữ Liệu Người Tiêu Dùng và quyền riêng tư của bạn
    • CDR Privacy Safeguard Guidelines
      • Summary of version changes to CDR Privacy Safeguard Guidelines
      • Chapter A: Introductory matters
      • Chapter B: Key concepts
      • Chapter C: Consent — The basis for collecting and using CDR data
      • Chapter 1: Privacy Safeguard 1 — Open and transparent management of CDR data
      • Chapter 2: Privacy Safeguard 2 — Anonymity and pseudonymity
      • Chapter 3: Privacy Safeguard 3 — Seeking to collect CDR data from CDR participants
      • Chapter 4: Privacy Safeguard 4 — Dealing with unsolicited CDR data from CDR participants
      • Chapter 5: Privacy Safeguard 5 — Notifying of the collection of CDR data
      • Chapter 6: Privacy Safeguard 6 — Use or disclosure of CDR data by accredited data recipients or designated gateways
      • Chapter 7: Privacy Safeguard 7 — Use or disclosure of CDR data for direct marketing by accredited data recipients or designated gateways
      • Chapter 8: Privacy Safeguard 8 — Overseas disclosure of CDR data by accredited data recipients
      • Chapter 9: Privacy Safeguard 9 — Adoption or disclosure of government related identifiers by accredited data recipients
      • Chapter 10: Privacy Safeguard 10 — Notifying of the disclosure of CDR data
      • Chapter 11: Privacy Safeguard 11 — Quality of CDR data
      • Chapter 12: Privacy Safeguard 12 — Security of CDR data and destruction or de-identification of redundant CDR data
      • Chapter 13: Privacy Safeguard 13 — Correction of CDR data
    • Guidance and advice
      • Guide to developing a CDR policy
      • Guide to privacy for data holders
      • Privacy FAQs for accredited data recipient customers
    • CDR data
    • CDR participants
    • Privacy obligations
    • Consumer consent and authorisation
    • Consumer dashboards
    • Consumer complaints
    • CDR legislation
    • CDR regulation
    • Privacy safeguards
    • CDR Regulatory Action Policy
    • Compliance and Enforcement Policy
    • CDR and the Privacy Act
  • Updates
    • News and media
    • Speeches
    • Videos
    • Sign up
    • COVID-19
  • Engage with us
    • Networks
    • Privacy Awareness Week
    • Access to Information Day
    • Consultations
    • Submissions
    • Research
  • About our site
    • Website help
    • Site map
    • Accessibility
    • Copyright
    • Terms and conditions
    • Privacy policy

Footer navigation

Contact us

1300 363 992

GPO Box 5218 Sydney
NSW 2001

ABN: 85 249 230 937

View all contact details

Updates

  • News and media
  • Speeches
  • Videos
  • Sign up
  • COVID-19

Engage with us

  • Networks
  • Privacy Awareness Week
  • Access to Information Day
  • Consultations
  • Submissions
  • Research

About our site

  • Website help
  • Site map
  • Accessibility
  • Copyright
  • Terms and conditions
  • Privacy policy
  • Twitter
  • Facebook
  • YouTube
  • LinkedIn
Access to information

Other languages

  • Auslan
  • العربية
  • 中文
  • ελληνικός
  • Italiano
  • 한국어
  • Español
  • ไทย
  • Türkçe
  • Tiếng Việt
  • हिन्दी
  • ਪੰਜਾਬੀ

Acknowledgement of Country

We acknowledge the traditional custodians of Australia and their continuing connection to land, sea and community. We pay our respects to the people, the cultures and the elders past, present and emerging.