Privacy and FOI advice for the COVID-19 pandemic. Learn more
Main menu
Close
- About us
-
Privacy
- For individuals
- For organisations and agencies
- Law
-
Freedom of information
- For individuals
- For agencies
- Law
- Information policy
-
Consumer Data Right
- For consumers
- For participants
- Law
Guidance and advice
RSS feedWe’ve developed these guides to help organisations and agencies comply with the Privacy Act 1988 and related subjects.
See also: APP Guidelines.
8 December 2022
If you run a not-for-profit (NFP) organisation, such as a charity, it is critical that you understand the importance of good privacy practice and the obligations that may apply to your NFP under the Privacy Act 1988 (Privacy Act).NFPs and the Privacy ActNFPs may have obligations under the Privacy Act ...
OverviewThe Telecommunications Amendment (Disclosure of Information for the Purpose of Cyber Security) Regulations 2022 amends the Telecommunications Regulations 2021 (the Regulations) to enable a carrier or carriage service provider to disclose certain customer data to financial services entities.Financial services entities must comply with the requirements set out in the Regulations ...
03 March 2022
This guidance is for any entity or individual that collects a person’s COVID-19 digital vaccination certificate which contains an Individual Healthcare Identifier (IHI). On 3 December 2022 IHI fields were removed from COVID-19 digital certificates or Immunisation History Statements generated or updated after that date. This guidance will still apply ...
This privacy guidance is intended to help businesses regulated by the Privacy Act 1988 (Cth) and the Australian Privacy Principles to understand their obligations when collecting, using, storing, and disclosing (‘handling’) information about customers’ and visitors' COVID-19 vaccination status. You can find specific information regarding vaccinations in the workplace and ...
3 September 2021
The Office of the Australian Information Commissioner and state and territory privacy regulators have produced the following guidelines to support health authorities to implement a nationally consistent approach to requirements for businesses and venues to collect contact information.The non-binding guidelines are intended to be used by state and territory governments ...
2 September 2021
The Office of the Australian Information Commissioner and state and territory privacy commissioners and ombudsmen have produced the following universal privacy principles to support a nationally consistent approach to solutions and initiatives designed to address the ongoing risks related to the COVID-19 pandemic.These high-level principles provide a framework to guide ...
2 September 2021
This guide has a complementary e-learning course which aims to give you information on conducting a PIA in an easy-to-understand format so that you can have the confidence to do a PIA in your organisation or agency.Launch the courseThis guide also has an accompanying PIA tool to help you conduct ...
Guidance and advice
RSS feedWe’ve developed these guides to help organisations and agencies comply with the Privacy Act 1988 and related subjects.
See also: APP Guidelines.
29 April 2021
When developing or reviewing a project, consider the need for a privacy impact assessment (PIA). A PIA identifies how a project can have an impact on individuals’ privacy and makes recommendations to manage, minimise or eliminate privacy impacts. We recommend that organisations conduct PIAs as part of their risk management and planning processes. While each project is different, a PIA should generally include the following 10 steps.
Tags:
privacy impact assessment
poster
16 April 2019
When a job applicant gives implied consent to a prospective employee contacting their referee and when a prospective employer must first get the applicant’s consent.
1 May 2019
An organisation with an annual turnover of less than $3 million that is a reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), or an authorised agent of a reporting entity, will also need to comply with the APPs in respect of their personal information handling activities in relation to the AML/CTF Act, regulations or the Anti-Money Laundering and Counter-Terrorism Financing Rules.
Tags:
anti-money laundering
The purpose of this resource is to provide tips on key issues that entities regulated by the Privacy Act should consider when assessing the privacy impacts of a remote working arrangement.
Tags:
privacy impact assessment
COVID-19
10 March 2021
An emergency declaration was made under the Privacy Act 1988 in response to bushfires in Australia resulting in death, injury and property damage occurring from August 2019 into 2020. It allowed personal information about people affected by the bushfires to be exchanged by Australian Government agencies and private sector organisations for specific purposes that may not otherwise be allowed under the Privacy Act.
Tags:
emergency
This resource assists Australian entities to understand the new requirements in the European Union’s (EU) General Data Protection Regulation and how they can comply with Australian and EU privacy laws.
Tags:
GDPR
28 May 2019
If Centrelink sends you a formal written notice requesting certain information, and the notice states that you are required to provide the information by law, and also states the law under which you are required to provide that information, then you will need to comply.
28 May 2019
An Australian Government agency may use personal information to contact clients to conduct surveys, as long as certain requirements are met.