Office of the Australian Information Commissioner - Home

Australian Government - Office of the Australian Information Commissioner
Australian Government - Office of the Australian Information Commissioner

Main menu

APS Privacy Governance Code

Comments have closed for the draft APS Privacy Governance Code.

APS Privacy Governance Code

What is the Australian Public Service Privacy Governance Code?

On 18 May 2017, the OAIC announced the development of the Australian Public Service (APS) Privacy Governance Code.

The Code will be developed by the OAIC, in collaboration with the Department of Prime Minister & Cabinet (PM&C). It will play a key role in building public trust in the APS, support the Australian Government’s public data agenda and enhance privacy governance and capability.

You can read more about the reasons and aspirations behind introducing the Code in the Australian Information Commissioner’s speech from May 2017.

Who will the Code apply to?

The Code will apply to all Australian Government agencies subject to the Privacy Act 1988.

What will the Code require?

The Code will set out the specific requirements and key practical steps that an agency must take as part of complying with Australian Privacy Principle (APP) 1.2.

The Code will require agencies to:

  • have a privacy management plan
  • appoint a designated privacy officer
  • appoint a senior official as a ‘Privacy Champion’ to provide cultural leadership and promote the value of personal information
  • undertake a written Privacy Impact Assessment (PIA) for all ‘high risk’ projects or initiatives that involve personal information
  • keep a register of all PIAs conducted and make this available to the OAIC on request
  • take steps to enhance internal privacy capability, including by undertaking any necessary training.

The Code mandates approaches and processes that are already standard practice in many agencies. Agencies will still need to take other steps under APP 1.2 to ensure compliance with all of the APPs (for example, agencies will need to take reasonable steps to implement practices, procedures and systems to ensure compliance with APP 11 – security of information).

The Code will be flexible and scalable, and take account of the agency’s size, and the sensitivity and amount of personal information it handles.

When will the Code commence?

The Code will come into effect on 1 July 2018. The OAIC will collaborate with agencies in the implementation period, offering a range of support and training tools.

Implementation timeline

  • 30 June – 11 August 2017: Public Consultation on the draft Code
  • July–December 2017: OAIC will develop supporting resources, in consultation with agencies
  • October 2017: Code registered
  • December 2017: Supporting resources published
  • February 2018: Training course for designated privacy officers available
  • 1 July 2018: APS Privacy Governance Code commences

Keep informed

To keep up-to-date on the latest privacy news, sign up to our Privacy Professionals’ Network (PPN).

You can also contact our Enquiries Line on 1300 363 992 or

This page will be updated as new guidance and educational materials are released.

This initiative supports Australia’s Open Government National Action Plan.