Privacy assessments

20 March 2025

Data matching conducted by the Department of Health and Aged Care: Matching MBS and PBS data under Part VIIA of the National Health Act 1953 Published: 12 March 2025 Part 1: Executive summary 1.1 This report outlines the findings of the Office of the Australian Information Commissioner’s (OAIC) privacy ...

13 December 2024

Digital ID Assessment 3: myID notification of collection, use or disclosure of personal information A privacy assessment of the Australian Taxation Office by the Office of the Australian Information Commissioner Published: 13 December 2024 Download the summary report Last updated: 13 December 2024 Part 1: Executive summary1.1At the time ...

20 December 2024

Identity Verification Services Assessment Report – Privacy Obligations A privacy assessment of the Attorney-General’s Department by the Office of the Australian Information Commissioner Published: 20 December 2024 Download the IVS assessment report summary Last updated: 20 December 2024 Part 1: Executive summary 1.1 This report outlines the findings of ...

30 September 2024

Digital ID assessment 2: myGovID destruction of biometric information Published: 30 September 2024 Part 1: Executive SummaryThis report outlines the findings of the Office of the Australian Information Commissioner’s (OAIC) privacy assessment of the Australian Tax Office (ATO) in its role as operator of the myGovID mobile application (myGovID) ...

3 September 2024

Handling of personal information: my health app Published 03 September 2024Part 1: Executive summary1.1 This report outlines the findings of the Office of the Australian Information Commissioner’s (OAIC) privacy assessment of the Australian Digital Health Agency’s (ADHA) my health mobile application (my health app) and its compliance with requirements ...

24 June 2024

Handling of personal information: emergency access in the My Health Record system A privacy assessment of 300 General Practice (GP) clinics and retail pharmacies.Download the My Health Record Emergency Access - Summary Assessment ReportPart 1: Executive summaryThe Office of the Australian Information Commissioner (OAIC) conducted a privacy assessment of ...

28 November 2023

Privacy assessments forward plan for 2023-24 and 2024-25 Published: 28 Nov 2023This page outlines our planned assessments for the 2023-24 and 2024-25 financial years, as well as those underway.The OAIC uses privacy assessments (or audits) as a regulatory tool to facilitate legal and best practice compliance. Our assessments identify, ...

6 September 2023

OAIC’s summary of 7 ACT Directorates’ data breach response plans Publication date: 6 September 2023Introduction1.1 In December 2022, the Office of the Australian Information Commissioner (OAIC) commenced a privacy assessment of 7 Australian Capital Territory (ACT) public sector agencies (ACT Directorates) which examined whether they each had a data ...

26 May 2023

Data matching conducted by the Department of Health and Aged Care: Practice Incentives Program eHealth Incentives Compliance Program Part 1: Executive summary1.1 This report outlines the findings of the Office of the Australian Information Commissioner’s (OAIC) privacy assessment of the data matching[1]activities undertaken by the Department of Health and ...

6 April 2023

Cross-border disclosures of personal information: Passenger Name Records Part 1: Executive summary1.1 This report outlines the findings of the Office of the Australian Information Commissioner’s (OAIC) 2022 assessment of the Department of Home Affairs’ (Home Affairs) processes governing cross-border disclosures of European Union-sourced Passenger Name Record data (EU PNR ...