Skip to main content
Skip to secondary navigation
Australian Government - Office of the Australian Information Commissioner - Home

Commencement of the Australian Government Agencies Privacy Code

The Australian Government Agencies Privacy Code (the Code) came into effect on 1 July 2018, requiring Australian Government Agencies to move to a best practice approach to privacy governance across the APS, with the ongoing support of the Office of the Australian Information Commissioner (OAIC).

For the past year, the OAIC has been working with agencies to assist them in meeting the obligations of the Code.

Under the Code, agencies are required to:

  • have a privacy management plan
  • appoint a Privacy Officer, or Privacy Officers, and ensure that particular Privacy Officer functions are undertaken
  • appoint a senior official as a Privacy Champion to provide cultural leadership and promote the value of personal information, and ensure that the Privacy Champion functions are undertaken
  • undertake a written Privacy Impact Assessment (PIA) for all ‘high privacy risk’ projects or initiatives that involve new or changed ways of handling personal information
  • keep a register of all PIAs conducted and publish this register, or a version of the register, on their websites
  • take steps to enhance internal privacy capability, including by providing appropriate privacy education or training in staff induction programs, and annually to all staff who have access to personal information.

Effective privacy practice requires ongoing commitment and effort. To assist government agencies to understand and meet the obligations of the Code, the OAIC has developed a range of resources. These include the Privacy Officer Toolkit, the Interactive Privacy Management Plan and the Privacy Impact Assessment eLearning Program.

The commencement of the Code is not an end point, and the OAIC will continue to work with and support agencies to identify and address emerging privacy and security risks in the weeks, months and years beyond 1 July 2018.

To assist Privacy Officers to better understand their new obligations, the OAIC will be offering face-to-face training in Canberra and Sydney throughout the coming months. A new general privacy eLearning program is due to be released next month and is designed for Privacy Officers to share with agency staff.

As a first step towards compliance, agencies should also ensure they have informed the OAIC of their Privacy Officer’s contact details. The OAIC encourages all agencies to get in contact with any questions via their Code mailing address

To stay up to date with the latest privacy news and updates from the OAIC sign-up up to the Privacy Professionals’ Network mailing list.