Advice on Optus data breach. Learn more
Main menu
Close
- About us
-
Privacy
- For individuals
- For organisations and agencies
- Law
-
Freedom of information
- For individuals
- For agencies
- Law
- Information policy
-
Consumer Data Right
- For consumers
- For participants
- Law
Guidance and advice
RSS feedWe’ve developed these guides to help organisations and agencies comply with the Privacy Act 1988 and related subjects.
See also: APP Guidelines.
21 March 2018
Download the print version from Trove This guide replaces two pieces of guidance released in 2014 — Privacy business resource 4: De-identification of data and information and Information policy agency resource 1: De-identification of data and information Key points De-identification is a privacy-enhancing tool. When done well, it can help ...
Download the print version from TroveExecutive summaryOverviewThe use of data analytics is increasingly common across government agencies and the private sector. This has been driven by a fundamental shift in analytical processes, together with the availability of large data sets, increased computational power and storage capacity. The ability of data ...
Download the print version from TroveVersion historyVersionCurrency datesChanges and other commentsv1.0September 2015 to October 2017 v2.0October 2017Text amended to reflect changes to the My Health Records Act 2012, as conferred by the Health Legislation Amendment (eHealth) Bill 2015, including changes to: updated My Health Record data breach coverage, requirements and ...
18 September 2017
View the De-identification Decision-Making Framework The OAIC and CSIRO’s Data61 have released the De-identification Decision-Making Framework to assist organisations to de-identify their data effectively.The De-identification Decision-Making Framework is a practical and accessible guide for Australian organisations that handle personal information and are considering sharing or releasing it to meet their ...
5 May 2017
Download the print version from TroveIntroductionThis resource aims to assist entities bound by the Privacy Act 1988 (the Privacy Act) to understand and apply the definition of ‘personal information’ in section 6(1) of the Act. This resource should be read together with the Australian Privacy Principle (APP) guidelines.[1] The concept ...
IntroductionThe Office of the Australian Information Commissioner (OAIC) is providing this self-assessment checklist to assist service providers in considering their privacy obligations under the Data Retention Scheme.BackgroundPursuant to legislative amendments introduced by the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 (Cth), service providers must retain certain telecommunications data ...
3 October 2016
Download the print version from TroveThis resource will help organisations and agencies covered by the Privacy Act 1988 (Cth) (Privacy Act) address privacy complaints they receive.Are you covered by the Privacy Act?Under the Privacy Act, businesses (including non-profit organisations) with an annual turnover of more than $3 million, some small ...
This template is designed for organisations. If you are an agency, please see the information about PMPs on the Australian Government Agencies Privacy Code page. Download the print versionThe Office of the Australian Information Commissioner’s (OAIC) Privacy management framework (Framework) outlines steps to take to meet your ongoing compliance obligations ...
Guidance and advice
RSS feedWe’ve developed these guides to help organisations and agencies comply with the Privacy Act 1988 and related subjects.
See also: APP Guidelines.
29 April 2021
When developing or reviewing a project, consider the need for a privacy impact assessment (PIA). A PIA identifies how a project can have an impact on individuals’ privacy and makes recommendations to manage, minimise or eliminate privacy impacts. We recommend that organisations conduct PIAs as part of their risk management and planning processes. While each project is different, a PIA should generally include the following 10 steps.
Tags:
privacy impact assessment
poster
16 April 2019
When a job applicant gives implied consent to a prospective employee contacting their referee and when a prospective employer must first get the applicant’s consent.
1 May 2019
An organisation with an annual turnover of less than $3 million that is a reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), or an authorised agent of a reporting entity, will also need to comply with the APPs in respect of their personal information handling activities in relation to the AML/CTF Act, regulations or the Anti-Money Laundering and Counter-Terrorism Financing Rules.
Tags:
anti-money laundering
The purpose of this resource is to provide tips on key issues that entities regulated by the Privacy Act should consider when assessing the privacy impacts of a remote working arrangement.
Tags:
privacy impact assessment
COVID-19
10 March 2021
An emergency declaration was made under the Privacy Act 1988 in response to bushfires in Australia resulting in death, injury and property damage occurring from August 2019 into 2020. It allowed personal information about people affected by the bushfires to be exchanged by Australian Government agencies and private sector organisations for specific purposes that may not otherwise be allowed under the Privacy Act.
Tags:
emergency
This resource assists Australian entities to understand the new requirements in the European Union’s (EU) General Data Protection Regulation and how they can comply with Australian and EU privacy laws.
Tags:
GDPR
28 May 2019
If Centrelink sends you a formal written notice requesting certain information, and the notice states that you are required to provide the information by law, and also states the law under which you are required to provide that information, then you will need to comply.
28 May 2019
An Australian Government agency may use personal information to contact clients to conduct surveys, as long as certain requirements are met.