- About us
- For individuals
- For organisations and agencies
Freedom of information
- For individuals
- For agencies
- Information policy
Consumer Data Right
- For consumers
- For participants
Guidance and adviceRSS feed
This provides a step-by-step guide to help businesses deal with requests for correction of personal information in accordance with the requirements of Australian Privacy Principle (APP) 13. It should be read together with the full text of the APP guidelines.IntroductionUnder APP 13, you must take reasonable steps to correct personal ...
This is a step-by-step guide to help businesses deal with requests for access to personal information in accordance with the requirements of Australian Privacy Principle (APP) 12. It should be read together with the full text of the APP guidelines.IntroductionUnder APP 12, an individual has the right to access all ...
This resource provides an overview for telecommunication service providers of their obligations to maintain records of disclosures under ss 306 and 306A of the Telecommunications Act 1997. The resource includes a checklist at Appendix A to help providers ensure the relevant requirements are met when creating records of disclosures.OverviewGenerally, the ...
1 December 2015
This aim of this resource is to assist entities to understand their obligations under Part VIA of the Privacy Act 1988 (Privacy Act) when handling personal information in declared emergencies or disasters.Key pointsThe Privacy Act is not a barrier to necessary information sharing in a declared emergency or disaster Special ...
29 July 2015
The Data Retention Scheme self-assessment checklist is now available to help service providers consider their privacy obligations under the Data Retention Scheme. This resource will assist providers of telecommunications services in Australia who are required to comply with the data retention provisions in Part 5-1A of the Telecommunications (Interception and ...
6 May 2015
The Privacy Act 1988 (Privacy Act) contains 13 Australian Privacy Principles (APPs) that Australian and Norfolk Island Government agencies, and most private sector organisations, (collectively called ‘APP entities’) must follow when they handle personal information. Personal information is defined in the Privacy Act as information or an opinion that identifies, ...
The Privacy management plan template is now available to help you develop a privacy management plan for your entity.Download the print version from TroveIntroductionThis Privacy management framework (Framework) provides steps the Office of the Australian Information Commissioner (OAIC) expects you to take to meet your ongoing compliance obligations under Australian ...
5 September 2014
IntroductionThe purpose of this guideThe Office of the Australian Information Commissioner (OAIC) has developed this guide to help mobile device application (app) developers embed better privacy practices in their products and services, and help developers that are operating in the Australian market to comply with Australian privacy law and best ...
Guidance and adviceRSS feed
29 April 2021
When developing or reviewing a project, consider the need for a privacy impact assessment (PIA). A PIA identifies how a project can have an impact on individuals’ privacy and makes recommendations to manage, minimise or eliminate privacy impacts. We recommend that organisations conduct PIAs as part of their risk management and planning processes. While each project is different, a PIA should generally include the following 10 steps.
Tags: privacy impact assessment poster
16 April 2019
When a job applicant gives implied consent to a prospective employee contacting their referee and when a prospective employer must first get the applicant’s consent.
1 May 2019
An organisation with an annual turnover of less than $3 million that is a reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), or an authorised agent of a reporting entity, will also need to comply with the APPs in respect of their personal information handling activities in relation to the AML/CTF Act, regulations or the Anti-Money Laundering and Counter-Terrorism Financing Rules.
Tags: anti-money laundering
The purpose of this resource is to provide tips on key issues that entities regulated by the Privacy Act should consider when assessing the privacy impacts of a remote working arrangement.
Tags: privacy impact assessment COVID-19
10 March 2021
An emergency declaration was made under the Privacy Act 1988 in response to bushfires in Australia resulting in death, injury and property damage occurring from August 2019 into 2020. It allowed personal information about people affected by the bushfires to be exchanged by Australian Government agencies and private sector organisations for specific purposes that may not otherwise be allowed under the Privacy Act.
This resource assists Australian entities to understand the new requirements in the European Union’s (EU) General Data Protection Regulation and how they can comply with Australian and EU privacy laws.
28 May 2019
If Centrelink sends you a formal written notice requesting certain information, and the notice states that you are required to provide the information by law, and also states the law under which you are required to provide that information, then you will need to comply.
28 May 2019
An Australian Government agency may use personal information to contact clients to conduct surveys, as long as certain requirements are met.