What is a Privacy Management Plan?

All Australian Government agencies are required to have a Privacy Management Plan (PMP) under the Australian Government Agencies Privacy Code. The PMP identifies specific, measurable privacy goals and targets and sets out how an agency, including the Office of the Australian Information Commissioner (OAIC), will meet its compliance obligations under APP 1.2. The OAIC must measure and document its performance against its PMP at least annually.

Before developing a PMP, every agency will need to understand the current state of its privacy practices. The OAIC has built on previous PMPs and used the OAIC’s Interactive PMP Explained resource to help identify opportunities to improve maturity.

Privacy risk profile

The OAIC faces a medium-to-high level of privacy risk because we:

  • provide advice and guidance to other agencies/organisations on legislative requirements and best practice to comply with the Privacy Act.
  • collect and use personal information as part of our functions, specifically when investigating complaints, reviewing FOI decisions, and providing advice to the public. Information held by the OAIC can be very sensitive, especially when it involves people who are experiencing vulnerability.
  • oversee how other entities handle personal information under the Privacy Act and lead by example in managing privacy complaints about the OAIC.

Download the OAIC Privacy Management Plan

Updated: 29 May 2026