Published: 28 Nov 2023

This page outlines our planned assessments for the 2023-24 and 2024-25 financial years, as well as those underway.

The OAIC uses privacy assessments (or audits) as a regulatory tool to facilitate legal and best practice compliance. Our assessments identify, and make recommendations to address, privacy risks and areas of non‑compliance. Further detail on the OAIC’s approach to assessments can be found in Chapter 9 of the OAIC’s Guide to privacy regulatory action.

Our planned assessments align with the OAIC’s purpose of upholding privacy and information access rights frameworks. They are an important tool for achieving our vision of increasing public trust and confidence in the protection of personal information and access to government-held information.

These assessments will examine agencies and organisations, including entities across government, the digital economy and the health sector. Assessments will be undertaken in a number of key areas including:

  • Digital health and the My Health Record system
  • Data-matching under the National Health Act 1953
  • The Australian Government’s Digital ID system
  • Practices of online platforms and services
  • ACT public sector agencies
  • Identity verification services
  • Handling of passenger name records
  • The Consumer Data Right.

Our forward plan of assessments for 2023-24 and 2024-25 will focus on finalising assessments commenced in the 2022-23 financial year, and undertaking assessments under memoranda of understanding and where the OAIC has been provided funding by direct appropriation. The OAIC is also planning to progress at least one strategic assessment focusing on the information handling practices of online platforms and services and how they impact individuals’ choice and control.

The scope of the assessments and selection of entities we will assess are subject to change, based on emerging risks, new regulatory priorities, or resourcing changes.

Reports for completed assessments are published on the OAIC’s website.