Privacy assessments

1 February 2021

Summary of Consumer Data Right Assessment 1 Assessment of Consumer Data Right data holders as at February 2021Key pointsThe OAIC assessed how Consumer Data Right data holders complied with Privacy Safeguard 1. Privacy Safeguard 1 requires CDR entities (including data holders) to have a policy describing how they manage CDR ...

7 April 2022

COVIDSafe Assessment 4: retention, destruction and deletion of COVID app data Publication date: 7 April 2022Part 1: Executive summary1.1 This report outlines the findings of the Office of the Australian Information Commissioner’s (OAIC) privacy assessment of the retention, destruction and deletion of COVID app data, conducted from November 2020 to ...

1 June 2022

Handling of personal information: a follow-up privacy assessment of Housing and Community Services ACT Publication date: 1 June 2022Part 1: Executive summary 1.1 This report outlines the findings of the Office of the Australian Information Commissioner’s (OAIC) second privacy assessment of Housing and Community Services ACT (Housing ACT), an ACT ...

6 June 2022

Privacy impact assessment register assessment program Publication date: 6 June 2022 Part 1: Executive summaryPrivacy impact assessmentsThis report outlines the findings of the Office of the Australian Information Commissioner’s (OAIC) privacy assessment of Australian Government agencies’ compliance with s 15.1 of the Privacy (Australian Government Agencies – Governance) Code 2017 ...

23 June 2022

Summary of OAIC's inspection of telecommunications organisations' records of disclosure under the Telecommunications Act Publication date: 23 June 2022Introduction1.1 This report outlines the findings of the Office of the Australian Information Commissioner’s (OAIC) inspection of whether selected telecommunication services providers maintained records of disclosure in accordance with their obligations under ...

12 October 2022

My Health Records security and access policy assessment 1: general practice clinic survey Publication date: 12 October 2022Part 1: Key pointsThe Office of the Australian Information Commissioner (OAIC) conducted a privacy assessment to assess compliance with Rule 42 of the My Health Records Rule 2016. This rule requires healthcare provider ...

12 October 2022

My Health Records security and access policy assessment 2: security and access governance Publication date: 12 October 2022Executive summaryThis report summarises the findings of the Office of the Australian Information Commissioner’s (OAIC) assessment[1] of 20 General Practice (GP) clinics (the ‘assessment GP clinics’) to identify privacy risks relevant to Rule ...

8 February 2023

Summary of COVIDSafe Assessment 2: state and territory health authority access controls 30 November 2022This report outlines the findings in the Office of the Australian Information Commissioner’s (OAIC) privacy assessment of the state and territory health authority (STHA[1]) access controls applied to the National COVIDSafe Data Store (NCDS). This assessment ...

30 November 2020

COVIDSafe Assessment 5: obligations after the end of the COVIDSafe data period Publication date: 30 November 2022Part 1: Executive summary1.1 This report outlines the findings of the Office of the Australian Information Commissioner’s (OAIC) privacy assessment of the handling of COVID app data after the end of the COVIDSafe data ...

6 February 2023

Handling personal information: Services Australia’s role as the Identity Exchange Publication date: 6 February 2023Part 1: Executive summary1.1 This report outlines the findings of the Office of the Australian Information Commissioner’s (OAIC) privacy assessment of Services Australia’s management of personal information under the Privacy Act 1988 (Cth) conducted in February ...