Office of the Australian Information Commissioner - Home

Australian Government - Office of the Australian Information Commissioner

Australian Government Agencies Privacy Code

The Australian Government Agencies Privacy Code (the Code) was registered on 27 October 2017 and commences on 1 July 2018.

The Code sets out specific requirements and key practical steps that agencies must take as part of complying with Australian Privacy Principle 1.2 (APP 1.2). It requires agencies to move towards a best practice approach to privacy governance to help build a consistent, high standard of personal information management across all Australian Government agencies.

The Code will enhance existing privacy capability within agencies, build greater transparency in information handling practices, and foster a culture of respect for privacy and the value of personal information. The Code therefore symbolises the commitment of Australian Government agencies to the protection of privacy, and will help build public trust and confidence in personal information handling practices and new uses of data proposed by agencies.

The Australian Information and Privacy Commissioner and the Secretary of the Department of Prime Minister and Cabinet jointly announced the Code on 18 May 2017.

Who does the Code apply to?

The Code applies to all Australian Government agencies subject to the Privacy Act 1988 (except for Ministers). It is a binding legislative instrument under the Act.

When does the Code commence?

The Code will commence on 1 July 2018. The OAIC will collaborate with agencies in the implementation period, offering a range of support and training tools.

What will the Code require?

The Code requires agencies to:

  • have a privacy management plan
  • appoint a Privacy Officer, or Privacy Officers, and ensure that particular Privacy Officer functions are undertaken
  • appoint a senior official as a Privacy Champion to provide cultural leadership and promote the value of personal information, and ensure that the Privacy Champion functions are undertaken
  • undertake a written Privacy Impact Assessment (PIA) for all ‘high privacy risk’ projects or initiatives that involve new or changed ways of handling personal information
  • keep a register of all PIAs conducted and publish this register, or a version of the register, on their websites
  • take steps to enhance internal privacy capability, including by providing appropriate privacy education or training in staff induction programs, and annually to all staff who have access to personal information.

Agencies will still need to take other steps under APP 1.2 to ensure compliance with all the APPs.

The Code is flexible and scalable, taking into account an agency’s size, and the sensitivity and amount of personal information it handles.

Read the Australian Government Agencies Privacy Code

OAIC resources

The OAIC is currently working on a number of resources to assist agencies to prepare for the commencement of the Code and meet their privacy obligations on an ongoing basis.

Education or training

The Code requires agencies to provide privacy education or training in staff induction programs, and to take reasonable steps to provide privacy education or training annually to staff that have access to personal information in the course of performing their duties as a staff member.

The OAIC has produced two video resources with key messages about privacy for new starters to the Australian Public Service, and for those responsible for policy and project management.

The videos are short and simple, and have been designed for use in induction and training programs. We encourage you to incorporate these videos into your agency’s privacy resources and publish them on your intranet.

Privacy for Policy Developers and Project Managers
Transcript and download

Privacy in the Australian Public Service
Transcript and download

The OAIC has also launched a privacy eLearning program, and is developing a general privacy eLearning program and a face-to-face training program for Privacy Officers. This section will be updated when these resources are available.

Privacy management plan

A privacy management plan identifies specific, measurable goals and targets, and sets out how an agency will meet its compliance obligations under APP 1.2.

The OAIC is developing a privacy management plan template and a privacy self-assessment tool, to assist agencies to assess the current state of their privacy practices and set privacy goals and targets. This section will be updated when this resource is available.

Privacy Officer and Privacy Champion

The Privacy Officer is the first point of contact for privacy matters within an agency, and is responsible for ensuring day-to-day operational privacy activities are undertaken. A Privacy Champion is a senior official within an agency who is responsible for leadership activities and engagement that require broader strategic oversight.

Agencies will need to ensure that particular Privacy Officer and Privacy Champion functions are undertaken. While these functions are referred to as ‘Privacy Officer’ or ‘Privacy Champion’ functions, they may also be carried out by another person or team within the agency as appropriate.

The OAIC is developing a Privacy Officer Toolkit, which will assist Privacy Officers to understand and perform their responsibilities. This section will be updated when this resource and others become available.

Privacy Impact Assessments

A PIA is a systematic assessment of a project that identifies the impacts that the project might have on the privacy of individuals, and sets out recommendations for managing, minimising, or eliminating that impact.

The OAIC is developing guidance on the PIA requirements in the Code, including how to assess privacy risk. This will complement our existing Guide to undertaking privacy impact assessments and our PIA eLearning program.

This section will be updated when this resource is available.

Keep updated

Sign up to the Privacy Professionals’ Network to receive notifications on developments in Privacy Code resources and events.

You can also contact our Enquiries Line on 1300 363 992 or enquiries@oaic.gov.au.

This page will be updated as new guidance and educational materials are released.

This initiative supports Australia’s Open Government National Action Plan.