Guidance and advice
We’ve developed these guides to help organisations and agencies comply with the Privacy Act 1988 and related subjects.
See also: APP Guidelines.
28 May 2019
Can an Australian Government agency use a client’s personal information to contact them to conduct surveys? Generally, yes, it is possible under the Australian Privacy Principles (APPs) to use personal information to contact clients to conduct surveys, as long as certain requirements are met. Australian Government agencies must comply with the APPs ...
27 May 2019
The Privacy Act 1988 (Privacy Act) generally allows for personal information to be discussed with individuals via the National Relay Service (NRS). The Privacy Act specifically exempts the NRS’s relay officers from being considered ‘access seekers’. That means that under the Privacy Act, NRS relay officers are effectively not third parties ...
27 May 2019
Two of the central privacy considerations are:
- openness — make sure your clients know what will happen with their records
- choice — give your clients an opportunity to decide whether they want their personal information to remain with you when you move from ‘A’ to ‘B’, or whether they want their ...
1 May 2019
Generally, all businesses with a turnover of more than $3 million need to comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Privacy Act) when handling personal information. However, a business with an annual turnover of less than $3 million who is a reporting entity under the ...
1 May 2019
Australian Privacy Principle 7 (APP 7) applies to organisations that use or disclose personal information for direct marketing. It does not apply to direct marketing communications that are covered by the Do Not Call Register Act 2006 (DNCR Act) or the Spam Act 2003 (Spam Act). This resource provides general information ...
16 April 2019
It is usual practice when applying for a position in a government agency for an applicant to include their current supervisor as a referee. The applicant would therefore be expecting, or giving implied consent to, the prospective employer contacting their supervisor to discuss their work performance. If a prospective employer wishes ...
19 July 2018
A privacy management plan identifies specific, measurable goals and targets, and sets out how an agency will meet its compliance obligations under APP 1.2. The Australian Government Agencies Privacy Code requires agencies to have a privacy management plan, and to measure and document performance against the plan at least annually. The ...
This resource assists Australian entities to understand the new requirements in the European Union (EU) General Data Protection Regulation and how they can comply with Australian and EU privacy laws.
Key messages
The European Union General Data Protection Regulation (the GDPR) contains new data protection requirements that will apply from 25 ...
29 April 2021
When developing or reviewing a project, consider the need for a privacy impact assessment (PIA). A PIA identifies how a project can have an impact on individuals’ privacy and makes recommendations to manage, minimise or eliminate privacy impacts. We recommend that organisations conduct PIAs as part of their risk management and planning processes. While each project is different, a PIA should generally include the following 10 steps.
Tags:
privacy impact assessment
poster
16 April 2019
When a job applicant gives implied consent to a prospective employer contacting their referee and when a prospective employer must first get the applicant’s consent.
1 May 2019
An organisation with an annual turnover of less than $3 million that is a reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), or an authorised agent of a reporting entity, will also need to comply with the APPs in respect of their personal information handling activities in relation to the AML/CTF Act, regulations or the Anti-Money Laundering and Counter-Terrorism Financing Rules.
Tags:
anti-money laundering
The purpose of this resource is to provide tips on key issues that entities regulated by the Privacy Act should consider when assessing the privacy impacts of a remote working arrangement.
Tags:
privacy impact assessment
COVID-19
10 March 2021
An emergency declaration was made under the Privacy Act 1988 in response to bushfires in Australia resulting in death, injury and property damage occurring from August 2019 into 2020. It allowed personal information about people affected by the bushfires to be exchanged by Australian Government agencies and private sector organisations for specific purposes that may not otherwise be allowed under the Privacy Act.
Tags:
emergency
This resource assists Australian entities to understand the new requirements in the European Union’s (EU) General Data Protection Regulation and how they can comply with Australian and EU privacy laws.
Tags:
GDPR
28 May 2019
If Centrelink sends you a formal written notice requesting certain information, and the notice states that you are required to provide the information by law, and also states the law under which you are required to provide that information, then you will need to comply.
28 May 2019
An Australian Government agency may use personal information to contact clients to conduct surveys, as long as certain requirements are met.