Privacy Impact Assessments Register

All OAIC Privacy Impact Assessments required under the Australian Government Agencies Privacy Code will be listed in this register.

Reference number

Date PTA completed


Outcome – PIA required?



Mandatory Check-in at the OAIC and QR codes




International Access to Information Day/ICON  webinar




Use of the Document Verification Service (DVS) for verification of personal identity information.




ICT Hardware Replacement




OCT Migration to DESE


Reference number Date postedTitle
D2020/022528 24/02/2021

Joint OAIC ACCC Complaint Handling System for the Consumer Data Right: PIA Summary

This PIA considers privacy risks associated with the new joint OAIC and Australian Competition and Consumer Commission (ACCC) Complaint handling system for the Consumer Data right (CDR) (the joint system).

The OAIC and the ACCC are co-regulators of the CDR. The OAIC enforces the Privacy Safeguards and privacy and confidentiality-related rules, and can investigate consumer complaints regarding the handling of their CDR-data. The ACCC enforces the CDR Rules and data standards and carries out strategic enforcement.

To ensure the effective operation of the CDR and provide seamless handling of enquiries, reports and complaints between the agencies involved, the OAIC and ACCC apply a ‘no wrong door’ approach. To enable this approach, the OAIC has developed a joint complaint handling system, so that consumer enquiries, reports and complaints can be submitted through one channel, and then triaged appropriately to either the OAIC, the ACCC, or an external dispute resolution (EDR) scheme. Part IVD of the Competition and Consumer Act 2010 (Cth) and the Competition and Consumer (Consumer Data Right) Rules 2020 (Cth), together with amendments to the Australian Information Commissioner Act 2010 (Cth), provide information sharing powers for this purpose.

The PIA assesses any risks to individual privacy presented by the implementation of the joint system and makes recommendations to mitigate those risks.

Topics addressed in this PIA include how personal information will flow through the system, an assessment of compliance with the APPs and how consistent the system is with community expectations about privacy.

D2020/005283 29 May 2020

Working remotely in response to COVID-19

This PIA considers privacy risks associated with changes to working arrangements at the OAIC in response to the COVID-19 pandemic.

The PIA considers whether changes to physical working arrangements will impact on the handling of personal information, assesses potential privacy risks, and makes recommendations to mitigate those risks.

It addresses key topics including governance, culture and training, internal practices, procedures and systems, ICT security, access security, data breaches, physical security and stakeholder considerations.

Last updated 23 August 2021