While a PIA is more than a compliance check, it is essential that you consider compliance with privacy law.
Consider whether your project complies with each of the Australian Privacy Principles (APPs). For each APP, ask yourself:
- Is the APP relevant to the project? If not, why not? Will it become relevant to the project at a later stage?
- Does my project comply with the APP?
- Are there any risks to compliance?
You should document and provide specific details about how your project complies with the APP, or why you are not required to comply, and any considerations you took into account.
Australian Government agencies should also be aware that other privacy-related legislation and rules may apply to them, such as secrecy provisions or information handling obligations in other legislation.
The OAIC’s Guide to Undertaking Privacy Impact Assessments provides example questions for each APP to assist you in completing your compliance check.
You may also find the APP Guidelines a useful resource to assist you in interpreting and applying the APPs.