Delegation of privacy powers and functions

Senior
Executive Service Band 2, Information Rights Division;

Senior
Executive Service Band 2, Regulatory Action Division

Part IIIC, Division 3 – Commissioner may direct entity to notify eligible data breach, s 26WR

Part IIIC, Division 4 – Power to obtain information and documents relating to eligible data breaches, s 26WU

Part IV — Functions of the Information Commissioner, all functions and powers (except ss 28(1)(a) or (b), 28B(1)(a), (b) and (c) and 33B)

Part V — Investigations, all functions and powers (except ss 53A, 53B, 55B, 62 and 66 )

Part VI, Division 1 — Public interest determinations, ss 73, 74, 75, 76, and 77

Part VI, Division 3 — Register of Determinations, s 80E.

Part VIIC, Division 5, ss 85ZZ*; 85ZZA; 85ZZC; 85ZZD

Section 13(7)

Section 29

Sections 73, 73A

Section 309(1)

Part IVD, Division 5, ss 56EQ (except s 56EQ(1)(a)); 56ER(1) and (2); 56ET (all functions and powers in Part V of the Privacy Act 1988 except ss 53B, 55B, 62 and 66 of the Privacy Act 1988)

Part IVD, Division 7, s 56GA(1)(a)

Senior
Executive Service Band 1, Privacy Case Management Branch

Part IIIC, Division 4 – Power to obtain information and documents relating to eligible data breaches, s 26WU

Part IV — Functions of the Information Commissioner, all functions and powers (except ss 28(1)(a) or (b), 28B(1)(a), (b) and (c) and 33B)

Part V — Investigations, all functions and powers (except ss 53A, 53B, 55B, 62 and 66)

Part VI, Division 1 — Public interest determinations, ss 73, 74, 75, 76, and 77

Part VI, Division 3 — Register of Determinations, s 80E.

Part VIIC, Division 5, ss 85ZZ*; 85ZZA; 85ZZC;  85ZZD

Section 13(7)

Section 29

Sections 73, 73A

Section 309(1)

Part IVD, Division 5, ss 56EQ (except s 56EQ(1)(a)); 56ER(1) and (2); 56ET (all functions and powers in Part V of the Privacy Act 1988 except ss 53B, 55B, 62 and 66 of the Privacy Act 1988)

Part IVD, Division 7, s 56GA(1)(a)

Senior
Executive Service Band 1, Regulatory Intelligence & Strategy Branch

Part IIIC, Division 4 – Power to obtain information and documents relating to eligible data breaches, s 26WU

Part IV — Functions of the Information Commissioner, all functions and powers (except ss 28(1)(a) or (b), 28B(1)(a), (b) or (c) and 33B)

Part V — Investigations, all functions and powers (except ss 52, 53A, 53B, 55B, 62 and  66 )

Part VI, Division 1 — Public interest determinations, ss 73, 74, 75, 76, and 77

Part VI, Division 3 — Register of Determinations, s 80E.

Part VIIC, Division 5, ss 85ZZ*; 85ZZA; 85ZZC; 85ZZD

Section 13(7)

Section 29

Sections 73, 73A

Section 309(1)

Part IVD, Division 5, ss 56EQ (except s 56EQ(1)(a)); 56ER(1) and (2); 56ET (all functions and powers in Part V of the Privacy Act 1988 except ss 52, 53B, 55B, 62 and 66 of the Privacy Act 1988)

Part IVD, Division 7, s 56GA(1)(a)

Senior
Executive Service Band 1, Regulatory Action Division

Part IIIC, Division 4 – Power to obtain information and documents relating to eligible data breaches, s 26WU

Part IV — Functions of the Information Commissioner, ss 27(1) and (2), 28(1)(c) and (d), 28(3), 28A  28B(1)(d), 33C and 33D

Part V, Division 1 — Investigation of complaints and investigations on Commissioner's initiative, all functions and powers

Part VI, Division 3 — Register of Determinations, s 80E.

Part VIIC, Division 5, ss 85ZZ*; 85ZZA; 85ZZC

Section 13(7)

Section 29

Sections 73, 73A

Section 309(1)

Part IVD, Division 5, ss 56EQ(1)(b) and (c), 56EQ(6); 56ER(1) and (2); 56ET (all functions and powers in Part V, Division 1 of the Privacy Act 1988)

Part IVD, Division 7, s 56GA(1)(a)

Part 2, Division 1, section 42

Executive Level 2 Privacy Case Management, Intake and Eligibility, and Regulatory Intelligence & Strategy Branches, Regulatory Action Division

Part IIIC, Division 4 – Power to obtain information and documents relating to eligible data breaches, s 26WU

Part IV — Functions of the Information Commissioner, ss 27(1) and (2), 28(1)(c) and (d), 28(3), 28A, 28B(1)(d) and 33C

Part V, Division 1 — Investigation of complaints and investigations on Commissioner's initiative, all functions and powers

Part VI, Division 3 — Register of Determinations, s 80E.

Part VIIC, Division 5, ss 85ZZ*; 85ZZA; 85ZZC

Section 13(7)

Section 29

Sections 73, 73A

Section 309(1)

Part IVD, Division 5, ss 56EQ(1)(b) and (c), 56EQ(6); 56ER(1) and (2); 56ET (all functions and powers in Part V, Division 1 of the Privacy Act 1988)

Part IVD, Division 7, s 56GA(1)(a)

Part 2, Division 1, section 42

Executive Level 1 to Australian Public Service 2, Privacy Case Management, Intake and Eligibility, and Regulation Intelligence & Strategy Branches (excluding Communications and Engagement staff); Regulatory Action Division

Part IV — Functions of the Information Commissioner, ss 27(1) and (2), 28(1)(c) and (d), 28(3), 28A, 33C(1) and (2)

Part V, Division 1 — Investigation of complaints and investigations on Commissioner's initiative, ss 36(4), 40, 40A, 41, 42, 43(1) to (3), 48, 50 and 50A.

Part VllC, Division 5, ss 85ZZ*; 85ZZA; 85ZZC

Section 13(7)

Section 29

Sections 73, 73A

Section 309(1)

Part IVD, Division 5, ss 56EQ(1)(b) and (c), 56EQ(6); 56ER(1) and (2); 56ET (functions and powers in ss 36(4), 40, 40A, 41, 42, 43(1) to (3), 48, and 50A of the Privacy Act 1988)

Part IVD, Division 7, s 56GA(1)(a)

All Staff, Communications and
Engagement

Part IV, Division 2 — Functions of Commissioner, sections 27(1) and (2) and 28(1)(c) and (d)

Part V, Division 1, s 36(4) provide assistance to a person who wishes to make a complaint.

Part IVD, Division 5, ss 56EQ(1)(b) and (c); 56ET (functions and powers in Part V, Division 1, s 36(4) of the Privacy Act 1988 provide assistance to a person who wishes to make a complaint)

Part IVD, Division 7, s 56GA(1)(a)

*Conditions on delegations

Even where delegated, the following powers and functions may only be undertaken with the approval of the Information Commissioner, given s 12(4) of the Australian Information Commissioner Act 2010 (Cth):

1. performing the functions, and exercising the powers, conferred on the Commissioner by Part IIIB of the Privacy Act 1988 (concerning Privacy Codes);
2. the making of guidelines under paragraph 28(1)(a) or (b) of the Privacy Act 1988, or the variation or revocation of those guidelines;
3. the issue, variation or revocation of rules under:
   1. section 17 of the Privacy Act 1988; or
   2. section 12 of the Data‑matching Program (Assistance and Tax) Act 1990; or
   3. section 135AA of the National Health Act 1953;
4. the making of a report or recommendation to the Minister in relation to any matter that concerns the need for or the desirability of legislative or administrative action in the interests of the privacy of individuals under paragraph 28B(1)(c) of the Privacy Act 1988;
5. advising the Minister whether an exclusion from the application of Division 3 of Part VIIC of the Crimes Act 1914 should be granted and whether there should be any restrictions on the circumstances in which an exclusion would apply under paragraph 85ZZ(1)(b) of that Act.