Privacy assessments

28 November 2023

Privacy assessments forward plan for 2023-24 and 2024-25 Published: 28 Nov 2023This page outlines our planned assessments for the 2023-24 and 2024-25 financial years, as well as those underway.The OAIC uses privacy assessments (or audits) as a regulatory tool to facilitate legal and best practice compliance. Our assessments identify, and ...

6 September 2023

OAIC’s summary of 7 ACT Directorates’ data breach response plans Publication date: 6 September 2023Introduction1.1 In December 2022, the Office of the Australian Information Commissioner (OAIC) commenced a privacy assessment of 7 Australian Capital Territory (ACT) public sector agencies (ACT Directorates) which examined whether they each had a data breach ...

26 May 2023

Data matching conducted by the Department of Health and Aged Care: Practice Incentives Program eHealth Incentives Compliance Program Part 1: Executive summary1.1 This report outlines the findings of the Office of the Australian Information Commissioner’s (OAIC) privacy assessment of the data matching[1]activities undertaken by the Department of Health and Aging ...

6 April 2023

Cross-border disclosures of personal information: Passenger Name Records Part 1: Executive summary1.1 This report outlines the findings of the Office of the Australian Information Commissioner’s (OAIC) 2022 assessment of the Department of Home Affairs’ (Home Affairs) processes governing cross-border disclosures of European Union-sourced Passenger Name Record data (EU PNR data) ...

16 February 2023

Handling personal information: Services Australia’s role as the Identity Exchange Publication date: 16 February 2023Part 1: Executive summary1.1 This report outlines the findings of the Office of the Australian Information Commissioner’s (OAIC) privacy assessment of Services Australia’s management of personal information under the Privacy Act 1988 (Cth) conducted in February ...

30 November 2022

COVIDSafe Assessment 5: obligations after the end of the COVIDSafe data period Publication date: 30 November 2022Part 1: Executive summary1.1 This report outlines the findings of the Office of the Australian Information Commissioner’s (OAIC) privacy assessment of the handling of COVID app data after the end of the COVIDSafe data ...

30 November 2022

Summary of COVIDSafe Assessment 2: state and territory health authority access controls 30 November 2022This report outlines the findings in the Office of the Australian Information Commissioner’s (OAIC) privacy assessment of the state and territory health authority (STHA[1]) access controls applied to the National COVIDSafe Data Store (NCDS). This assessment ...

12 October 2022

My Health Records security and access policy assessment 2: security and access governance Publication date: 12 October 2022Executive summaryThis report summarises the findings of the Office of the Australian Information Commissioner’s (OAIC) assessment[1] of 20 General Practice (GP) clinics (the ‘assessment GP clinics’) to identify privacy risks relevant to Rule ...

12 October 2022

My Health Records security and access policy assessment 1: general practice clinic survey Publication date: 12 October 2022Part 1: Key pointsThe Office of the Australian Information Commissioner (OAIC) conducted a privacy assessment to assess compliance with Rule 42 of the My Health Records Rule 2016. This rule requires healthcare provider ...

23 June 2022

Summary of OAIC’s inspection of telecommunications organisations’ records of disclosure under the Telecommunications Act Publication date: 23 June 2022Introduction1.1 This report outlines the findings of the Office of the Australian Information Commissioner’s (OAIC) inspection of whether selected telecommunication services providers maintained records of disclosure in accordance with their obligations under ...