The Australian Information Commissioner has powers to conduct privacy assessments of agencies and organisations the Privacy Act 1988 covers.
The Commissioner may also conduct assessments of ACT public sector agencies in exercising some of the functions of the ACT Information Privacy Commissioner in the Information Privacy Act 2014 (ACT), under an arrangement between the Australian and ACT governments.The OAIC publishes finalised reports of these assessments (previously called audits) to help promote good privacy practice. If a report contains classified content, we may not be able to publish it.
Assessment and audit reports finalised since 2018 are listed below. Visit Trove for older privacy assessments and audits the former Office of the Privacy Commissioner conducted.
See also Consumer Data Right assessments