Privacy and FOI advice for the COVID-19 pandemic. Learn more
Main menu
Close
- About us
-
Privacy
- For individuals
- For organisations and agencies
- Law
-
Freedom of information
- For individuals
- For agencies
- Law
- Information policy
-
Consumer Data Right
- For consumers
- For participants
- Law
Guidance and advice
RSS feedWe’ve developed these guides to help organisations and agencies comply with the Privacy Act 1988 and related subjects.
See also: APP Guidelines.
10 March 2021
The Attorney-General made the Privacy (Australian Bushfires Disaster) Emergency Declaration (No. 1) 2020 (the emergency declaration) under Part VIA of the Privacy Act 1988 (Cth) (Privacy Act) in January 2020, in response to bushfires resulting in death, injury and property damage. The emergency declaration expired on 20 January 2021. Ordinarily, ...
23 February 2021
Coronavirus (COVID-19) Vaccinations: Understanding your privacy obligations to your staffThis privacy guidance is intended to help entities[i] regulated by the Privacy Act 1988 (Cth) (Privacy Act) to understand their obligations when collecting, using, storing, and disclosing (‘handling’) employee health information related to the COVID-19 vaccine. It complements the OAIC COVID-19 ...
14 September 2020
If you are looking for a how-to-guide for undertaking a privacy impact assessment, click here. OverviewThe Privacy (Australian Government Agencies – Governance) APP Code 2017 (the Code) requires Australian Government agencies subject to the Privacy Act 1988 (Privacy Act) to conduct a privacy impact assessment (PIA) for all ‘high privacy ...
A legal framework of privacy protections has been established under Part VIIIA of the Privacy Act 1988 (Privacy Act) to protect COVID app data. Amongst other things, these legislative provisions:prohibit certain conduct; outline the limited purposes for which COVID app data may be collected, used or disclosed; require COVID app ...
This guidance is for businesses that have obligations under the Privacy Act 1988.As COVID-19 restrictions are eased around Australia, some States and Territories are managing the ongoing risks of the virus by requiring businesses to collect personal information about customers and visitors to their premises. The purpose of the collection ...
OverviewThe OAIC appreciates the unprecedented challenges Australian government agencies and private sector employers are facing in combating the spread of COVID-19. To prevent or manage the risk of COVID-19, you may have implemented, or are considering, remote working arrangements for employees or are expanding existing arrangements.The purpose of this resource ...
11 February 2020
Health service providers should use this four-step plan to contain and manage a data breach involving personal information, including the My Health Record system. The plan has been developed by the Office of the Australian Information Commissioner, Australian Digital Health Agency, Australian Cyber Security Centre and Services Australia.Download the print ...
8 October 2019
Download the posterLong text descriptionThe Privacy Act 1988 (Privacy Act) requires you to be proactive in establishing, implementing and maintaining privacy processes in your practice.The Office of the Australian Information Commissioner's Guide to health privacy sets out the key practical steps you should take to meet your privacy obligations and ...
Guidance and advice
RSS feedWe’ve developed these guides to help organisations and agencies comply with the Privacy Act 1988 and related subjects.
See also: APP Guidelines.
29 April 2021
When developing or reviewing a project, consider the need for a privacy impact assessment (PIA). A PIA identifies how a project can have an impact on individuals’ privacy and makes recommendations to manage, minimise or eliminate privacy impacts. We recommend that organisations conduct PIAs as part of their risk management and planning processes. While each project is different, a PIA should generally include the following 10 steps.
Tags:
privacy impact assessment
poster
16 April 2019
When a job applicant gives implied consent to a prospective employee contacting their referee and when a prospective employer must first get the applicant’s consent.
1 May 2019
An organisation with an annual turnover of less than $3 million that is a reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), or an authorised agent of a reporting entity, will also need to comply with the APPs in respect of their personal information handling activities in relation to the AML/CTF Act, regulations or the Anti-Money Laundering and Counter-Terrorism Financing Rules.
Tags:
anti-money laundering
The purpose of this resource is to provide tips on key issues that entities regulated by the Privacy Act should consider when assessing the privacy impacts of a remote working arrangement.
Tags:
privacy impact assessment
COVID-19
10 March 2021
An emergency declaration was made under the Privacy Act 1988 in response to bushfires in Australia resulting in death, injury and property damage occurring from August 2019 into 2020. It allowed personal information about people affected by the bushfires to be exchanged by Australian Government agencies and private sector organisations for specific purposes that may not otherwise be allowed under the Privacy Act.
Tags:
emergency
This resource assists Australian entities to understand the new requirements in the European Union’s (EU) General Data Protection Regulation and how they can comply with Australian and EU privacy laws.
Tags:
GDPR
28 May 2019
If Centrelink sends you a formal written notice requesting certain information, and the notice states that you are required to provide the information by law, and also states the law under which you are required to provide that information, then you will need to comply.
28 May 2019
An Australian Government agency may use personal information to contact clients to conduct surveys, as long as certain requirements are met.