The OAIC is undertaking a government-wide assessment to monitor compliance with part of the Privacy (Australian Government Agencies – Governance) Code 2017.
Privacy impact assessments
A privacy impact assessment (PIA) is a systematic assessment of a project that identifies privacy impacts and sets out recommendations for managing, minimising or eliminating those impacts. PIAs are an important component in the protection of privacy and should be part of agencies’ risk management and planning processes.
Since 1 July 2018, it has been mandatory for Australian Government agencies to maintain a register of the PIAs they conduct, and to publish that register on their website. This is an obligation under section 15.1 of the Privacy (Australian Government Agencies – Governance) Code 2017 (the Code).
General notification of government-wide privacy assessment
Commencing in May 2021, the OAIC is undertaking a government-wide privacy assessment under s 33C(1)(a) of the Privacy Act 1988 (Cth).
The OAIC will assess Australian Government agencies’ compliance with the requirement in the Code to publish a PIA register on their website. The scope of this assessment will be limited to whether agencies are complying with the requirement contained in s 15.1 of the Code.
The OAIC will be assessing compliance through a desktop review of agency websites.
Where can I go if I have questions?
- Find out more about the Australian Government Agencies Privacy Code on our website.
- For guidance on undertaking PIAs, consult our Guide to undertaking Privacy Impact Assessments.
- For more information on privacy assessments, see Chapter 7 of the OAIC’s Guide to Privacy Regulatory Action.
- Australian Government agencies with questions about the assessment can email firstname.lastname@example.org.