Privacy
- Your privacy rights
- Your personal information
- What is personal information?
- What is privacy?
- What is a privacy policy?
- Access your personal information
- Correct your personal information
- Request a record
- Consent to the handling of personal information
- Collection of personal information
- Use and disclosure of personal information
- Your tax file number
- Credit reporting
- What is credit reporting?
- What is a credit report?
- Credit reporting terms
- What stays on a credit report?
- Access your credit report
- Correct your credit report
- Information on your credit report
- Repayment history and defaults
- Third-party access to credit reports
- Fraud and your credit report
- Hardship assistance
- Commercial credit information
- Make a credit reporting complaint
- Real estate agents, employers and your credit report
- Data breaches
- Health information
- Social media and online privacy
- Surveillance and monitoring
- Ways to protect your privacy
- More privacy rights
- Privacy complaints
- Representative complaint: Medibank data breach
- What you can complain about
- Complain to an organisation or agency
- Lodge a privacy complaint with us
- How we investigate and resolve your complaint
- Your complaint review rights
- External dispute resolution schemes
- Privacy complaint: immigration data breach
- Immigration data breach privacy complaint
- Notice to all persons in immigration detention on 31 January 2014: English version
- Immigration data breach privacy complaint determination in English and other languages
- OAIC Notice – immigration data breach privacy complaint
- OAIC Notice - Immigration Data Breach Privacy Complaint - Arabic
- OAIC Notice - Immigration Data Breach Privacy Complaint - Azerbaijani
- OAIC Notice - Immigration Data Breach Privacy Complaint - Bangla
- OAIC Notice - Immigration Data Breach Privacy Complaint - Burmese
- OAIC Notice - immigration data breach privacy complaint: simplified Chinese
- OAIC Notice - immigration data breach privacy complaint: traditional Chinese
- OAIC Notice - Immigration Data Breach Privacy Complaint - Dari
- OAIC Notice - Immigration Data Breach Privacy Complaint - Farsi
- OAIC Notice - Immigration Data Breach Privacy Complaint - Hazaragi
- OAIC Notice - Immigration Data Breach Privacy Complaint - Hindi
- OAIC Notice - Immigration Data Breach Privacy Complaint - Indonesian
- OAIC Notice - Immigration Data Breach Privacy Complaint - Kurdish
- OAIC Notice - Immigration Data Breach Privacy Complaint - Pashto
- OAIC Notice - Immigration Data Breach Privacy Complaint - Punjabi
- OAIC Notice - Immigration Data Breach Privacy Complaint - Syhleti
- OAIC Notice - Immigration Data Breach Privacy Complaint - Tamil
- OAIC Notice - Immigration Data Breach Privacy Complaint - Urdu
- OAIC Notice - Immigration Data Breach Privacy Complaint - Uzbekistani
- OAIC Notice - Immigration Data Breach Privacy Complaint - Vietnamese
- Representative complaint about the handling of personal information by Dymocks Pty Ltd
- Representative complaint about the handling of personal information by Ticketek Pty Ltd
- Australian Privacy Principles
- Australian Privacy Principles quick reference
- Australian Privacy Principles guidelines
- Summary of version changes to APP guidelines
- Preface
- Chapter A: Introductory matters
- Chapter B: Key concepts
- Chapter C: Permitted general situations
- Chapter D: Permitted health situations
- Chapter 1: APP 1 Open and transparent management of personal information
- Chapter 2: APP 2 Anonymity and pseudonymity
- Chapter 3: APP 3 Collection of solicited personal information
- Chapter 4: APP 4 Dealing with unsolicited personal information
- Chapter 5: APP 5 Notification of the collection of personal information
- Chapter 6: APP 6 Use or disclosure of personal information
- Chapter 7: APP 7 Direct marketing
- Chapter 8: APP 8 Cross-border disclosure of personal information
- Chapter 9: APP 9 Adoption, use or disclosure of government related identifiers
- Chapter 10: APP 10 Quality of personal information
- Chapter 11: APP 11 Security of personal information
- Chapter 12: APP 12 Access to personal information
- Chapter 13: APP 13 Correction of personal information
- Read the Australian Privacy Principles
- Privacy guidance for organisations and government agencies
- Organisations
- Credit reporting
- Direct marketing
- Employee records exemption
- ID scanners
- Opting in to the Privacy Act
- Privacy for not-for-profits, including charities
- Privacy management plan template
- Selling a business
- Small business
- Sporting clubs
- Start-ups
- Tips for good privacy practice
- Trading in personal information
- Guidance for EDR schemes when handling complaints about notifiable data breaches
- Tracking pixels and privacy obligations
- Facial recognition technology: a guide to assessing the privacy risks
- Government agencies
- Guidance on privacy and developing and training generative AI models
- Guidance on privacy and the use of commercially available AI products
- Health service providers
- Communications with patients
- Data breach action plan for health service providers
- Guide to health privacy
- Introduction and key concepts
- Chapter 1: Key steps to embedding privacy in your health practice
- Chapter 2: Collecting health information
- Chapter 3: Using or disclosing health information
- Chapter 4: Giving access to health information
- Chapter 5: Correcting health information
- Chapter 6: Health management activities
- Chapter 7: Disclosing information about patients with impaired capacity
- Chapter 8: Using and disclosing genetic information in the case of a serious threat
- Chapter 9: Research
- Individual healthcare identifiers
- My Health Record
- Privacy action plan for your health practice
- Taking photos of patients
- Handling personal information
- Anti-money laundering obligations
- Centrelink requests for information
- Dealing with requests for access to personal information
- Dealing with requests for correction of personal information
- De-identification and the Privacy Act
- De-identification Decision-Making Framework
- Guide to securing personal information
- Guide to the Privacy (Persons Reported as Missing) Rule 2024
- Guidelines for state and territory governments: creating nationally consistent requirements to collect personal information for contact tracing purposes
- National Relay Service
- Posting photos and videos
- Protecting customers' personal information
- Sending personal information overseas
- The Privacy (Tax File Number) Rule 2015 and the protection of tax file number information
- Transfer of financial adviser records
- What is personal information?
- Preventing, preparing for and responding to data breaches
- Privacy impact assessments
- COVID-19
- Coronavirus (COVID-19): understanding your privacy obligations to your staff
- Coronavirus (COVID-19) vaccinations: understanding your privacy obligations to your staff
- COVIDSafe Reports
- Guidance for businesses collecting personal information for contract tracing
- National COVID-19 privacy principles
- Privacy update on the COVIDSafe app
- Retention and deletion of personal information collected during COVID-19
- Guidance for businesses collecting COVID-19 vaccination information
- More guidance
- Australian Bushfires Disaster Emergency Declaration: understanding your privacy obligations
- Australian entities and the European Union General Data Protection Regulation
- Emergencies and disasters
- Guide to data analytics and the Australian Privacy Principles
- Guide to developing an APP privacy policy
- How to develop an APP privacy policy (poster)
- Guidelines for developing codes
- Guidelines for recognising external dispute resolution schemes
- Handling privacy complaints
- Keeping records of disclosures under the Telecommunications Act 1997
- Mobile privacy: a better practice guide for mobile app developers
- Privacy management framework: enabling compliance and encouraging good practice
- Privacy public interest determination guide
- Self-assessment checklist: privacy obligations under the Data Retention Scheme
- Telecommunications service providers' obligations arising under the Privacy Act 1988 as a result of Part 5-1A of the Telecommunications (Interception and Access) Act 1979
- Privacy considerations for financial services entities receiving data from a carrier or carriage service provider under the telecommunications regulations
- Notifiable data breaches
- About the Notifiable Data Breaches scheme
- When to report a data breach
- Report a data breach
- Notifiable data breaches publications
- Notifiable Data Breaches Report: January to June 2024
- Notifiable Data Breaches Report: July to December 2023
- Notifiable Data Breaches Report: January to June 2023
- Notifiable Data Breaches Report: July to December 2022
- Notifiable Data Breaches Report: January to June 2022
- Notifiable Data Breaches Report: July to December 2021
- Notifiable Data Breaches Report: January–June 2021
- Notifiable Data Breaches Report: July–December 2020
- Notifiable Data Breaches Report: January–June 2020
- Notifiable Data Breaches Report: July–December 2019
- Notifiable Data Breaches Report: 1 April to 30 June 2019
- Notifiable Data Breaches Report: 1 January to 31 March 2019
- Notifiable Data Breaches Statistics Report: 1 October to 31 December 2018
- Notifiable Data Breaches Statistics Report: 1 July to 30 September 2018
- Notifiable Data Breaches Statistics Report: 1 April to 30 June 2018
- Notifiable Data Breaches Statistics Report: 1 January to 31 March 2018
- Notifiable Data Breaches scheme 12-month insights report
- Privacy legislation
- Privacy assessments and decisions
- Privacy assessments
- PIA register assessment program
- Handling personal information – Trulioo
- Handling personal information – VIX Verify
- Department of Veterans' Affairs final report – handling of personal information
- A follow-up privacy assessment of Access Canberra
- Managing personal information: Passenger Name Records
- Management of personal information: Qantas Frequent Flyer
- My Health Record access security policy assessment program
- Management of personal information: Velocity Frequent Flyer
- Securing personal information: Australian Digital Health Agency
- Management of personal information: Department of Home Affairs
- Management of personal information: USI Office, Transcript Service
- Handling of personal information: Housing and Community Services ACT
- COVIDSafe Assessment 1: National COVIDSafe Data Store Access Controls
- Handling of personal information: Chamonix, Healthi mobile health application
- Accessing personal information: Department of Immigration and Border Protection
- Securing personal information: Australian Taxation Office, data matching activities
- Summary of the OAIC's assessment of privacy policies of 10 ACT public sector agencies
- Handling of personal information: Telstra Health, HealthNow mobile health application
- Access security governance for the My Health Record system: Midland Private Hospital
- Handling of personal information: Department of Human Services PAYG data matching program
- Handling of personal information: Department of Human Services NEIDM data matching program
- Summary of the OAIC's assessment of IBM's handling of personal information using SmartGate systems
- Access security governance for the My Health Record: St Vincent's Private Hospital Toowoomba
- Summary of the OAIC's assessment of privacy policies of 20 DVS business users in the finance sector
- Handling of personal information: Department of Immigration and Border Protection, Passenger Name Records
- Securing personal information: Services Australia (formerly Department of Human Services), data matching activities
- Summary of the OAIC's assessment of agencies with publication obligations under the Privacy (Tax File Number) Rule 2015
- Summary of the OAIC's assessment of SITA's handling of personal information using the advance passenger processing system
- Summary of the OAIC's assessment of five Registered Training Organisations and their management of personal information
- Assessment of contractual provisions for services in regional processing centres: Department of Immigration and Border Protection
- Summary of the OAIC's assessment of Healthscope Group's information security controls to protect Individual Healthcare Identifiers (IHIs)
- Schedule 6, Foreign Fighters Act: follow-up of the Department of Immigration and Border Protection's implementation of the recommendations
- Schedule 5, Foreign Fighters Act: follow-up of the Department of Immigration and Border Protection's implementation of the recommendations
- Summary of the OAIC's assessment of Department of Immigration and Border Protection's handling of personal information using SmartGate systems
- Summary of the OAIC's assessment of 14 pharmacies and eight diagnostic imaging services access security governance for the My Health Record system
- Handling of personal information: Services Australia (formerly Department of Human Services) Annual Investment Income Report (AIIR) data matching program
- Summary of OAIC assessments of telecommunications organisations' information security under the Telecommunications (Interception and Access) Act 2015: Telstra, Vodafone, Optus, TPG
- Summary of OAIC assessment of telecommunication organisations' information security practices when disclosing personal information under the Telecommunications (Interception and Access) Act 1979
- COVIDSafe Assessment 3: COVIDSafe application functionality, privacy policy and collection notices
- Summary of Consumer Data Right Assessment 1
- COVIDSafe Assessment 4: retention, destruction and deletion of COVID app data
- Handling of personal information: a follow-up privacy assessment of Housing and Community Services ACT
- Privacy impact assessment register assessment program
- Summary of OAIC’s inspection of telecommunications organisations’ records of disclosure under the Telecommunications Act
- My Health Records security and access policy assessment 1: general practice clinic survey
- My Health Records security and access policy assessment 2: security and access governance
- Summary of COVIDSafe Assessment 2: state and territory health authority access controls
- COVIDSafe Assessment 5: obligations after the end of the COVIDSafe data period
- Handling personal information: Services Australia’s role as the Identity Exchange
- Cross-border disclosures of personal information – Passenger Name Records
- Data matching conducted by the Department of Health and Aged Care: Practice Incentives Program eHealth Incentives Compliance Program
- OAIC’s summary of 7 ACT Directorates’ data breach response plans
- Privacy assessments forward plan for 2023-24 and 2024-25
- Handling of personal information: emergency access in the My Health Record system
- Handling of personal information: my health app
- Digital ID assessment 2: myGovID destruction of biometric information
- Identity Verification Services Assessment Report – Privacy Obligations
- Digital ID Assessment 3: myID notification of collection, use or disclosure of personal information
- Privacy decisions
- Enforceable undertakings
- TeleChoice: enforceable undertaking
- Singtel Optus: enforceable undertaking
- Avid Life Media: enforceable undertaking
- Organica and Brygon: enforceable undertaking
- Department of Health: enforceable undertaking
- Wilson Asset Management: enforceable undertaking
- Commonwealth Bank of Australia: enforceable undertaking
- Precedent Communications Australia: enforceable undertaking
- Australian Red Cross Blood Service: enforceable undertaking
- Australian Recoveries & Collections: enforceable undertaking
- Marriott International: enforceable undertaking
- Inspiring Vacations: enforceable undertaking
- Meta Platforms, Inc.: enforceable undertaking
- Oxfam Australia’s enforceable undertaking in respect of the Australian Information Commissioner’s investigation into Oxfam
- Investigation reports
- MBS/PBS data publication
- Ashley Madison joint investigation
- Multicard Pty Ltd: own motion investigation report
- Cupid Media Pty Ltd: own motion investigation report
- AAPT and Melbourne IT: own motion investigation report
- Medvet Science Pty Ltd: own motion investigation report
- Pound Road Medical Centre: own motion investigation report
- Vodafone Hutchison Australia: own motion investigation report
- Dell Australia and Epsilon: own motion investigation report
- DonateBlood.com.au data breach (Precedent Communications Pty Ltd)
- Sony PlayStation Network/Qriocity: own motion investigation report
- Telstra Corporation Limited: own motion investigation report (2014)
- Telstra Corporation Limited: own motion investigation report (2012)
- Adobe Systems Software Ireland Ltd: own motion investigation report
- DonateBlood.com.au data breach (Australian Red Cross Blood Service)
- Professional Services Review Agency: own motion investigation report
- First State Super Trustee Corporation: own motion investigation report
- Telstra Corporation Limited: own motion investigation report (2011)
- Department of Immigration and Border Protection: own motion investigation report
- Privacy determinations
- Privacy registers
- Classes of lawful tax file number recipients
- Data matching exemptions register
- Family day care educators and operators data matching program
- Motor vehicle registries data matching program
- Real Property Transactions data matching program
- Visa holders data matching program
- Taxable government grants and payments data matching program
- Program protocol for data matching with the Australian Transactions Reports and Analysis Centreer
- Lifestyle assets data matching program
- Ride sourcing data matching program
- Banking transparency strategy data matching program
- Motor vehicle registries data matching program 2013–16
- Ride sourcing data matching program protocol 2016–18
- Lifestyle assets data matching program 2013–15
- Contractor payments data matching program
- Online selling data matching program protocol
- Credit and debit card data matching program
- Share transactions data matching program protocol
- Share transactions data matching program 1985–2018
- Rental bond data matching program
- Credit and debit card data matching program 2015
- Share transactions data matching program protocol 2014–16
- Online selling data matching program 2013–14
- Specialised payment systems data matching program
- Sharing economy accommodation data matching program
- Partner visa data matching program
- Foreign Investment Review Board data matching program
- Ride sourcing data matching program 2015–20
- Contractor payments data matching program 2016–19
- Specialised payment systems data matching program 2014–17
- DIBP visa holders data matching program protocol
- Privacy codes
- Privacy codes register
- Privacy (Credit Reporting) Code 2024
- Privacy (Market and Social Research) Code 2021
- Privacy (Australian Government Agencies – Governance) APP Code 2017
- Privacy (Credit Reporting) Code 2014 (Version 2.3)
- Privacy (Credit Reporting) Code 2014 (Version 2.2)
- Privacy (Credit Reporting) Code 2014 (Version 2.1)
- Privacy (Market and Social Research) Code 2014
- Credit Reporting Code variation approved (2024)
- Children’s Online Privacy Code
- Public interest determinations register
- Recognised external dispute resolution schemes register
- Privacy opt-in register
- Freedom of information
- Your freedom of information rights
- How to access government information
- Freedom of information guidance for government agencies
- Freedom of information guidelines
- Summary of version changes to s93A guidelines
- Part 1: Introduction to the Freedom of Information Act 1982
- Part 2: Scope of application of the Freedom of Information Act 1982
- Part 3: Processing and deciding on requests for access
- Part 4: Charges for providing access
- Part 5: Exemptions
- Part 6: Conditional exemptions
- Part 7: Amendment and annotation of personal records
- Part 8: This part has been superseded and the content moved to Part 3
- Part 9: Internal agency review of decisions
- Part 10: Review by the Information Commissioner
- Part 11: Investigations and complaints
- Part 12: Vexatious applicant declarations
- Part 13: Information Publication Scheme
- Part 14: Disclosure log
- Part 15: Reporting
- Glossary
- Proactive publication and administrative access
- Information Publication Scheme
- About the Information Publication Scheme
- Information Publication Scheme and disclosure log determinations policy and procedure
- Information Publication Scheme overview for senior executive staff
- Information Publication Scheme and disclosure log summary
- Information Publication Scheme review survey 2018
- Information Publication Scheme review survey 2012
- What is a disclosure log?
- Is the decision to publish information in the disclosure log or the Information Publication Scheme a decision that the Information Commissioner can review?
- What is 'operational information' for the purposes of the Information Publication Scheme?
- What does information 'routinely provided to parliament' include for the purposes of the Information Publication Scheme?
- When will something be 'unreasonable' to publish under section 11C and under the Information Publication Scheme
- Administrative access
- How do administrative access schemes interact with the proactive disclosure requirements
- Will the Information Commissioner issue guidance on records management?
- Government agency website requirements
- Freedom of information reviews
- Summary of the freedom of information review process
- What is the difference between a complaint and an application for review of a freedom of information decision?
- Personal and business information: third-party review rights
- Internal review process
- Quick guide to the direction applicants follow in an Information Commissioner review
- What decisions can the Administrative Appeals Tribunal review?
- What is an agency's role during an Information Commissioner review?
- Part 10 — Review by the Information Commissioner
- Direction as to certain procedures to be followed in Information Commissioner reviews (for agencies). FAQs for agencies and ministers
- Guidance on handling a freedom of information request
- Legal definitions and questions
- Defining an agency
- Exemptions and conditional exemptions under the Freedom of Information Act 1982
- What are the criteria for a vexatious applicant declaration?
- What is an agency's obligations on a Commonwealth contract?
- What is considered a document under the Freedom of Information Act 1982?
- What protections does the Freedom of Information Act 1982 provide from civil liability and breach of copyright?
- Who qualifies as a 'person' eligible to make a request under s 15 of the Freedom of Information Act 1982?
- Processing a freedom of information request
- Can a request be transferred to or by a minister?
- Documents held by government contractors
- Does a document have to be released at the same time a decision is notified?
- Should an agency consult anyone else before releasing a document?
- What happens if a request doesn't comply with the requirements under the Freedom of Information ACT 1982
- Processing time
- How long does an agency have to process a freedom of information request?
- Apply for an extension of time to process a freedom of information request
- Public holidays and agency shutdown periods: calculating the processing period
- How can an agency meet statutory timeframes during the COVID-19 pandemic?
- Calculating costs
- Handling personal or business information
- Checklists, handouts and templates
- Fact sheet for freedom of information practitioners to give to staff
- Making a decision on a freedom of information request
- Sample freedom of information notices
- Statement of reasons checklist
- Taking all reasonable steps to find documents in a freedom of information request
- Tips for freedom of information decision-makers
- More guidance
- Freedom of information guide
- FOIstats guide
- Statement of principles to support proactive disclosure of government-held information
- What is personal information and how does it interact with the Freedom of Information Act 1982
- What freedom of information statistics do agencies and ministers need to produce?
- Freedom of Information agency resources
- FOI agency resource Managing increased volume of FOI requests
- Twelve tips for FOI decision makers
- Calculating and imposing charges for FOI access requests
- Processing requests for amendment or annotation of personal records
- Exemptions and conditional exemptions under the Freedom of Information Act 1982
- Statement of reasons checklist
- Making a decision on an FOI access request
- Information Publication Scheme (IPS) and Disclosure Log determinations policy and procedure
- Defining an agency
- Sample FOI notices
- Administrative access
- Considering the public interest test
- Engagement checklist – Information Commissioner review compulsory conference
- Submissions checklist – Making submissions following notification of an IC review application (agency or minister)
- Agency Resource – The Deliberative Processes Exemption s 47C
- Information Commissioner reviews
- Direction as to certain procedures to be followed by agencies and ministers in Information Commissioner reviews
- Direction as to certain procedures to be followed by applicants in Information Commissioner reviews
- Information Commissioner Reviews: Quick guide to use of directions and information gathering powers
- Self-assessment tool for agencies
- Freedom of Information Practitioners’ Survey 2024
- Freedom of information legislation and determinations
- Information Commissioner decisions and reports
- Freedom of information investigation outcomes
- Freedom of information reports
- Disclosure log desktop review
- Commissioner initiated investigation into the Department of Home Affairs
- FOI at the Department of Human Services
- Processing of non-routine FOI requests by the Department of Immigration and Citizenship
- Review of charges under the Freedom of Information Act 1982: Report to the Attorney-General
- Information Commissioner review decisions
- Vexatious applicant declarations
- Freedom of information statistics for the OAIC
- Australian Government freedom of information statistics
- Consumer Data Right
- Information for consumers
- Consumer Data Right complaints
- Consumer Data Right guidance for business
- Consumer Data Right and the Privacy Act
- About the Consumer Data Right and the privacy safeguards
- Consumer Data Right Privacy Safeguard Guidelines
- Summary of version changes to CDR Privacy Safeguard Guidelines
- Chapter A: Introductory matters
- Chapter B: Key concepts
- Chapter C: Consent – The basis for collecting and using CDR data
- Chapter 1: Privacy Safeguard 1 – Open and transparent management of CDR data
- Chapter 2: Privacy Safeguard 2 – Anonymity and pseudonymity
- Chapter 3: Privacy Safeguard 3 – Seeking to collect CDR data from CDR participants
- Chapter 4: Privacy Safeguard 4 – Dealing with unsolicited CDR data from CDR participants
- Chapter 5: Privacy Safeguard 5 – Notifying of the collection of CDR data
- Chapter 6: Privacy Safeguard 6 – Use or disclosure of CDR data by accredited data recipients or designated gateways
- Chapter 7: Privacy Safeguard 7 – Use or disclosure of CDR data for direct marketing by accredited data recipients or designated gateways
- Chapter 8: Privacy Safeguard 8 – Overseas disclosure of CDR data by accredited data recipients
- Chapter 9: Privacy Safeguard 9 – Adoption or disclosure of government related identifiers by accredited data recipients
- Chapter 10: Privacy Safeguard 10 – Notifying of the disclosure of CDR data
- Chapter 11: Privacy Safeguard 11 – Quality of CDR data
- Chapter 12: Privacy Safeguard 12 – Security of CDR data and destruction or de-identification of redundant CDR data
- Chapter 13: Privacy Safeguard 13 – Correction of CDR data
- Privacy obligations
- About privacy obligations
- Consumer consent, authorisation and dashboards
- Consumer Data Right insights
- Guide to developing a Consumer Data Right policy
- Guide to privacy for data holders
- Privacy FAQs for accredited data recipient customers
- Trusted advisers in the Consumer Data Right system
- CDR outsourcing arrangement: privacy obligations for an outsourced service provider
- CDR outsourcing arrangement: privacy obligations for a principal of an outsourced service provider
- CDR representative model: privacy obligations of a CDR principal
- CDR representative model: privacy obligations of a CDR representative
- Sponsored accreditation model: privacy obligations of an affiliate
- Sponsored accreditation model: privacy obligations of a sponsor
- Guidance for entities handling CDR data on preparing for and responding to cyber incidents involving CDR data
- Consumer Data Right legislation, regulation and definitions
- Consumer Data Right assessments
- Digital ID
- Engage with us
- Consultations
- Remaking the Privacy (Persons Reported as Missing) Rule 2014
- Consultation on remaking of Privacy (Credit Related Research) Rule
- National Health (Privacy) Rules 2021 review
- Part 9 of the Freedom of Information Guidelines (internal review)
- Draft of Part 9 of the Freedom of Information Guidelines (internal review)
- Part 14 of the Freedom of Information Guidelines (disclosure log)
- Draft of Part 14 of the Freedom of Information Guidelines (disclosure log)
- Consultation on draft revisions to Part 13 of the FOI Guidelines: Information Publication Scheme
- Consultation on draft revisions to the ‘Direction as to certain procedures to be followed in Information Commissioner reviews’ (for agencies) and the ‘Direction as to certain procedures to be followed by applicants in Information Commissioner review
- Draft direction as to certain procedures to be followed in IC reviews
- Part 2 of the FOI Guidelines
- Consultation on updates to Part 6 (v 1.4) of the FOI Guidelines: conditional exemptions
- Consultation on draft revisions to Part 5 of the FOI Guidelines: Exemptions
- National Health (Privacy) Rules 2018 review
- Consultation paper: National Health (Privacy) Rules 2018 review
- National Health (Privacy) Rules 2018 review – submissions
- Consultation on health and medical research guidelines
- Applications for new public interest determinations regarding international money transfers (2024)
- Submissions
- Translations
- Events
- Networks
- Information Contact Officers Network
- ICON alert
- ICON alert - edition 14
- ICON alert - edition 13
- ICON alert - edition 12
- ICON alert - edition 11
- ICON alert – edition 10
- ICON alert - edition 9
- ICON alert - edition 8
- ICON alert - edition 7
- ICON alert - edition 6
- ICON alert - edition 5
- ICON alert - edition 4
- ICON alert - edition 3
- ICON alert - edition 2
- ICON alert - edition 1
- Privacy Professionals Network
- Domestic networks
- International networks
- Information Matters newsletter
- Research and training resources
- Research
- Australian Community Attitudes to Privacy Survey
- Government attitudes towards privacy in Australia 2001
- Community attitudes towards privacy in Australia 2001
- Business attitudes towards privacy in Australia 2001
- Community Attitudes to Privacy Survey 2004
- Community Attitudes Towards Privacy Study 2007
- Community Attitudes towards Privacy 2007 Methodological Report
- Community Attitudes to Privacy Survey Research Report 2013
- Australian Community Attitudes to Privacy Survey 2017 Report
- Australian Community Attitudes to Privacy Survey 2017 infographic
- Australian Community Attitudes to Privacy Survey 2020
- Australian Community Attitudes to Privacy Survey 2020 infographic
- Australian Community Attitudes to Privacy Survey 2023
- Australian Community Attitudes to Privacy Survey 2023 infographic
- Australian Government Information Access Survey
- Research publications on the Privacy Act
- e-learning
- Videos
- Consumer Data Right policy
- Consumer Data Right complaints
- What is privacy?
- It’s your right to know
- Consumer Data Right privacy safeguard 1
- How to make a freedom of information request
- 12 tips for freedom of information decision-makers
- How do I make a privacy complaint?
- Sharing My Health Record — It's My Choice
- Privacy and the My Health Record system
- How to make a privacy complaint (Auslan)
- How do I access my personal information?
- Privacy in the Australian Public Service
- Privacy is important for start-up businesses
- Making privacy a priority in the decade of data
- Privacy for policy developers and project managers
- What can I do about my neighbour’s security camera?
- Australian Community Attitudes to Privacy Survey 2020
- Australian Community Attitudes to Privacy Survey 2017
- Data breach requirements in the My Health Record system
- Is my real estate agent allowed to take photos in my house?
- Handling sensitive information in the My Health Record system
- 10 top tips for good privacy practice for start-up businesses
- Accessing government-held information in Australia
- Request for information: the respondent
- Request for information: the complainant
- Australian Community Attitudes to Privacy Survey 2023 explainer animation
- What privacy means to Australians in 2023
- The biggest privacy risks for Australians in 2023
- The role organisations have to protect privacy in 2023
- Protecting children’s privacy in 2023
- Australian Information Commissioner and Privacy Commissioner Angelene Falk discusses IAID 2023
- Acting Freedom of Information Commissioner Toni Pirani shares her thoughts about transparency
- Australian Public Service Commissioner Gordon de Brouwer discusses public service transparency
- Webinars
- About the OAIC
- What we do
- Who we are
- Join our team
- Access our information
- Our regulatory approach
- Consumer Data Right regulatory action policy
- Compliance and enforcement policy
- Guide to privacy regulatory action
- Introduction
- Chapter 1: Privacy complaint handling process
- Chapter 2: Commissioner initiated investigations and referrals
- Chapter 3: Information sharing
- Chapter 4: Enforceable undertakings
- Chapter 5: Determinations
- Chapter 6: Injunctions
- Chapter 7: Civil penalties — serious or repeated interference with privacy and other penalty provisions
- Chapter 8: Infringement notices
- Chapter 9: Privacy assessments
- Chapter 10: Directing a privacy impact assessment
- Chapter 11: Data breach incidents
- Freedom of information regulatory action policy
- OAIC regulatory priorities
- Privacy regulatory action policy
- Our international work
- My Health Records guidelines
- Making claims of legal professional privilege
- Statement of regulatory approach
- Our corporate information
- OAIC annual reports
- Digital health annual reports
- Annual report of the Australian Information Commissioner's activities in relation to digital health 2023–24
- Annual report of the Australian Information Commissioner's activities in relation to digital health 2022–23
- Annual report into the Australian Information Commissioner's activities in relation to digital health 2021–22
- Annual report of the Australian Information Commissioner's activities in relation to digital health 2020–21
- Annual report of the Australian Information Commissioner's activities in relation to digital health 2019–20
- Annual report of the Australian Information Commissioner's activities in relation to digital health 2018–19
- Corporate plans
- Plans, policies and procedures
- Procedures for Managing Suspected Breaches of the APS Code of Conduct
- Data breach response plan
- OAIC Emissions reduction plan 2024–2026
- External complaints about OAIC employees or contractors
- External complaints about OAIC employees or contractors – overarching policy
- Gifts and benefits policy
- Human resources privacy policy
- Information Publication Scheme agency plan
- Multicultural access and equity plan 2019–20
- OAIC asset management policy and guidelines
- OAIC service charter
- Operational policy and process: publication of submissions
- Privacy complaints about the OAIC
- Privacy policy
- Privacy policy summary
- Public interest disclosure procedures
- Procurement judicial review policy
- Operational information
- Accountable authority instructions
- Appointment and authorisation instrument: Chief Security Officer/Chief Risk Officer
- Budget
- Delegation of freedom of information powers and functions
- Delegation of privacy powers and functions
- Employee census results
- OAIC Audit Committee
- OAIC Enterprise Agreement 2024-2027
- OAIC Privacy Champion, Chief Privacy Officer and Privacy Officer roles
- Privacy Officer appointment instrument
- Regulator expectations and intent
- Accountability
- Advertising
- Gifts and benefits register
- Government contracts
- Grants and appointments
- Indexed list of files
- File list 1 July to 31 December 2022
- File list 1 January to 30 June 2022
- File list 1 July to 31 December 2021
- File list 1 January to 30 June 2021
- File list 1 July to 31 December 2020
- File list 1 January to 30 June 2020
- File list 1 January to 30 June 2023
- File list 1 July to 31 December 2023
- File list 1 January to 30 June 2024
- Legal services expenditure
- Public interest disclosures
- Reporting fraud and corruption at the OAIC
- Memorandums of understanding
- Current memorandums of understanding
- Consumer Data Right
- MOU with the Australian Competition and Consumer Commission: exchange of information
- MOU with the Australian Communications and Media Authority
- MOU with the Data Protection Commissioner of Ireland
- MOU with the Information Commissioner for the United Kingdom
- MOU with Inspector-General of Intelligence and Security
- MOU with the Personal Data Protection Commission of the Republic of Singapore
- National Facial Biometric Matching Capability
- MOU with the Australian Securities and Investments Commission in relation to Information Sharing
- MOU with the Australian Prudential Regulation Authority in relation to Cooperation and Information Sharing
- MOU between the ACCC, OAIC and Chief Executive Centrelink: Digital ID
- Memorandum of understanding reports
- MOU with the ACT for the provision of privacy services: Annual report 2020–21
- MOU with the ACT for the provision of privacy services: Annual report 2019–20
- MOU with the ACT for the provision of privacy services: Annual report 2018–19
- MOU with the ACT for the provision of privacy services: Annual report 2021–22
- Memorandum of Understanding with the Australian Capital Territory for the provision of privacy services: Annual Report 2022-23
- Other agreements
- Statement with APEC on privacy enforcement authority practices and activities
- Agreement with System Operator: information sharing and complaint referral for the eHealth record system
- Arrangement with state and territory health and privacy regulators: information sharing and complaint referral for the eHealth record system
- Collaboration principles with Privacy Commission NSW
- Information sharing and complaint referral arrangements under Part VIIIA of the Privacy Act 1988
- Information sharing arrangement for referring privacy complaints between the OAIC and external dispute resolution schemes
- Letter of Exchange signed by Home Affairs and OAIC
- Annual Statement of Compliance with the Commonwealth Child Safe Framework 2023
- OAIC AI transparency statement
- Information policy
- What is information policy
- Open government
- Information policy resources
- Access to and use of public sector information: the academic re-user perspective
- Open data quick wins – getting the most out of agency publications
- Open public sector information: from principles to practice
- Open public sector information: government in transition
- Principles on open public sector information
- Principles on open public sector information: report on review and development of principles
- Serving legal documents on the Australian Information Commissioner
