Privacy assessments

30 September 2024

Digital ID assessment 2: myGovID destruction of biometric information Published: 30 September 2024 Part 1: Executive SummaryThis report outlines the findings of the Office of the Australian Information Commissioner’s (OAIC) privacy assessment of the Australian Tax Office (ATO) in its role as operator of the myGovID mobile application (myGovID) ...

3 September 2024

Handling of personal information: my health app Published 03 September 2024Part 1: Executive summary1.1 This report outlines the findings of the Office of the Australian Information Commissioner’s (OAIC) privacy assessment of the Australian Digital Health Agency’s (ADHA) my health mobile application (my health app) and its compliance with requirements ...

24 June 2024

Handling of personal information: emergency access in the My Health Record system A privacy assessment of 300 General Practice (GP) clinics and retail pharmacies.Download the My Health Record Emergency Access - Summary Assessment ReportPart 1: Executive summaryThe Office of the Australian Information Commissioner (OAIC) conducted a privacy assessment of ...

28 November 2023

Privacy assessments forward plan for 2023-24 and 2024-25 Published: 28 Nov 2023This page outlines our planned assessments for the 2023-24 and 2024-25 financial years, as well as those underway.The OAIC uses privacy assessments (or audits) as a regulatory tool to facilitate legal and best practice compliance. Our assessments identify, ...

6 September 2023

OAIC’s summary of 7 ACT Directorates’ data breach response plans Publication date: 6 September 2023Introduction1.1 In December 2022, the Office of the Australian Information Commissioner (OAIC) commenced a privacy assessment of 7 Australian Capital Territory (ACT) public sector agencies (ACT Directorates) which examined whether they each had a data ...

26 May 2023

Data matching conducted by the Department of Health and Aged Care: Practice Incentives Program eHealth Incentives Compliance Program Part 1: Executive summary1.1 This report outlines the findings of the Office of the Australian Information Commissioner’s (OAIC) privacy assessment of the data matching[1]activities undertaken by the Department of Health and ...

6 April 2023

Cross-border disclosures of personal information: Passenger Name Records Part 1: Executive summary1.1 This report outlines the findings of the Office of the Australian Information Commissioner’s (OAIC) 2022 assessment of the Department of Home Affairs’ (Home Affairs) processes governing cross-border disclosures of European Union-sourced Passenger Name Record data (EU PNR ...

16 February 2023

Handling personal information: Services Australia’s role as the Identity Exchange Publication date: 16 February 2023Part 1: Executive summary1.1 This report outlines the findings of the Office of the Australian Information Commissioner’s (OAIC) privacy assessment of Services Australia’s management of personal information under the Privacy Act 1988 (Cth) conducted in ...

30 November 2022

COVIDSafe Assessment 5: obligations after the end of the COVIDSafe data period Publication date: 30 November 2022Part 1: Executive summary1.1 This report outlines the findings of the Office of the Australian Information Commissioner’s (OAIC) privacy assessment of the handling of COVID app data after the end of the COVIDSafe ...

30 November 2022

Summary of COVIDSafe Assessment 2: state and territory health authority access controls 30 November 2022This report outlines the findings in the Office of the Australian Information Commissioner’s (OAIC) privacy assessment of the state and territory health authority (STHA[1]) access controls applied to the National COVIDSafe Data Store (NCDS). This ...