Office of the Australian Information Commissioner - Home

Australian Government - Office of the Australian Information Commissioner
Australian Government - Office of the Australian Information Commissioner

Main menu

The role of the Privacy Contact Officer in Australian government agencies

About PCOs

PCOs are the first point of contact for advice on privacy matters related to their agency. The Office of the Australian Information Commissioner (OAIC) strongly encourages each agency to have a PCO.

The OAIC coordinates a network of government privacy and freedom of information contact officers called the Information Contact Officers Network (ICON). If you are a PCO and would like to join ICON, further information is available on the Subscribe page of this website.

You can also contact us to find out who your agency PCO is, or to find out the PCO of another agency.

Back to Contents

Who should our agency appoint as PCO?

Make sure you appoint someone of sufficient seniority to be PCO. Generally, an officer below the executive level would have difficulty fulfilling the role. This is because the PCO needs to be involved in many aspects of the agency's operations, including the decision-making processes of the agency.

Generally, the role of the PCO will include:

  • participating in the development of new initiatives that have a potential privacy impact
  • providing advice on the general application of the Privacy Act 1988 (Privacy Act) to new agency initiatives or to the agency's general operations
  • handling, or supervising the handling, of privacy complaints and enquiries
  • training staff in aspects of the Privacy Act that apply to their day-to-day activities
  • being the primary privacy contact for the Office of the Australian Information Commissioner.

Back to Contents

What do I need to know as a PCO?

As a PCO, you need to have a good understanding of the Australian Privacy Principles (APPs) in the Privacy Act. Understanding the APPs will help you provide internal advice on the application of the Privacy Act to your agency's activities and to assess privacy complaints made by individuals.

There is plenty of guidance material to help you in your role as PCO. Take a look at the Privacy topics — Government section and the Privacy resources.

You should also try to attend ICON meetings to keep abreast of new developments and helpful documents associated with privacy.

Back to Contents

Notifying our office of possible breaches

In the event that a data breach occurs in your agency, depending on the severity of the breach, it can be a good idea to inform our office.

The OAIC updated its detailed guidance about Data Breach Notification in April 2012. Please see Data breach notification - A guide to handling personal information security breaches.

For information about when to approach the OAIC for advice, see 'When should a privacy contact officer approach the Office of the Australian Information Commissioner for advice?'

Back to Contents

When should a Privacy Contact Officer approach the Office of the Australian Information Commissioner for advice?

The Office of the Australian Information Commissioner (OAIC) responds, where possible, to agency requests for advice on matters with significant privacy implications. The OAIC expects to be consulted on any agency proposals involving the handling of personal information that might have a significant impact on the privacy of individuals, including: notable new policy proposals or changes to existing activities, cabinet submissions and pieces of draft legislation.

The types of issues on which to consult the OAIC include:

  • Proposals for increased levels of identification or authentication of identity potentially involving personal information, measures to combat identity fraud, and initiatives involving the sharing of personal information between Australian or State government agencies or with the private sector
  • Health sector proposals, particularly in relation to the personally controlled electronic health record system, other online heath initiatives and proposals relating to unique health identifiers
  • Government online activities, and information and communications technology developments, that may involve the handling of personal information
  • Proposals for additional data-matching using the tax file number, or new, large-scale, cross-agency data matching
  • Whole of government approaches to service delivery
  • Privacy issues related to national security initiatives.

We encourage agencies and their privacy contact officers (PCOs) to make use of the generic advice available in the Australian Privacy Principles (APP) Guidelines, and other information provided on our website. We also encourage PCOs to use the Information Contact Officers Network, which serves as an invaluable source of collective experience and learning in relation to Australian public sector privacy and freedom of information.

Back to Contents