- Privacy
- Your privacy rights
- Your personal information
- What is personal information?
- What is privacy?
- What is a privacy policy?
- Access your personal information
- Correct your personal information
- Request a record
- Consent to the handling of personal information
- Collection of personal information
- Use and disclosure of personal information
- Your tax file number
- Credit reporting
- What is credit reporting?
- What is a credit report?
- Credit reporting terms
- What stays on a credit report?
- Access your credit report
- Correct your credit report
- Information on your credit report
- Repayment history and defaults
- Third-party access to credit reports
- Fraud and your credit report
- Hardship assistance
- Commercial credit information
- Make a credit reporting complaint
- Real estate agents, employers and your credit report
- Data breaches
- Health information
- Social media and online privacy
- Surveillance and monitoring
- Ways to protect your privacy
- More privacy rights
- Your personal information
- Privacy complaints
- Representative complaint: Medibank data breach
- What you can complain about
- Complain to an organisation or agency
- Lodge a privacy complaint with us
- How we investigate and resolve your complaint
- Your complaint review rights
- External dispute resolution schemes
- Privacy complaint: immigration data breach
- Immigration data breach privacy complaint
- Notice to all persons in immigration detention on 31 January 2014: English version
- Immigration data breach privacy complaint determination in English and other languages
- OAIC Notice – immigration data breach privacy complaint
- OAIC Notice - Immigration Data Breach Privacy Complaint - Arabic
- OAIC Notice - Immigration Data Breach Privacy Complaint - Azerbaijani
- OAIC Notice - Immigration Data Breach Privacy Complaint - Bangla
- OAIC Notice - Immigration Data Breach Privacy Complaint - Burmese
- OAIC Notice - immigration data breach privacy complaint: simplified Chinese
- OAIC Notice - immigration data breach privacy complaint: traditional Chinese
- OAIC Notice - Immigration Data Breach Privacy Complaint - Dari
- OAIC Notice - Immigration Data Breach Privacy Complaint - Farsi
- OAIC Notice - Immigration Data Breach Privacy Complaint - Hazaragi
- OAIC Notice - Immigration Data Breach Privacy Complaint - Hindi
- OAIC Notice - Immigration Data Breach Privacy Complaint - Indonesian
- OAIC Notice - Immigration Data Breach Privacy Complaint - Kurdish
- OAIC Notice - Immigration Data Breach Privacy Complaint - Pashto
- OAIC Notice - Immigration Data Breach Privacy Complaint - Punjabi
- OAIC Notice - Immigration Data Breach Privacy Complaint - Syhleti
- OAIC Notice - Immigration Data Breach Privacy Complaint - Tamil
- OAIC Notice - Immigration Data Breach Privacy Complaint - Urdu
- OAIC Notice - Immigration Data Breach Privacy Complaint - Uzbekistani
- OAIC Notice - Immigration Data Breach Privacy Complaint - Vietnamese
- Australian Privacy Principles
- Australian Privacy Principles quick reference
- Australian Privacy Principles guidelines
- Summary of version changes to APP guidelines
- Preface
- Chapter A: Introductory matters
- Chapter B: Key concepts
- Chapter C: Permitted general situations
- Chapter D: Permitted health situations
- Chapter 1: APP 1 Open and transparent management of personal information
- Chapter 2: APP 2 Anonymity and pseudonymity
- Chapter 3: APP 3 Collection of solicited personal information
- Chapter 4: APP 4 Dealing with unsolicited personal information
- Chapter 5: APP 5 Notification of the collection of personal information
- Chapter 6: APP 6 Use or disclosure of personal information
- Chapter 7: APP 7 Direct marketing
- Chapter 8: APP 8 Cross-border disclosure of personal information
- Chapter 9: APP 9 Adoption, use or disclosure of government related identifiers
- Chapter 10: APP 10 Quality of personal information
- Chapter 11: APP 11 Security of personal information
- Chapter 12: APP 12 Access to personal information
- Chapter 13: APP 13 Correction of personal information
- Read the Australian Privacy Principles
- Privacy guidance for organisations and government agencies
- Organisations
- Credit reporting
- Direct marketing
- Employee records exemption
- ID scanners
- Opting in to the Privacy Act
- Privacy for not-for-profits, including charities
- Privacy management plan template
- Selling a business
- Small business
- Sporting clubs
- Start-ups
- Tips for good privacy practice
- Trading in personal information
- Guidance for EDR schemes when handling complaints about notifiable data breaches
- Government agencies
- Health service providers
- Communications with patients
- Data breach action plan for health service providers
- Guide to health privacy
- Introduction and key concepts
- Chapter 1: Key steps to embedding privacy in your health practice
- Chapter 2: Collecting health information
- Chapter 3: Using or disclosing health information
- Chapter 4: Giving access to health information
- Chapter 5: Correcting health information
- Chapter 6: Health management activities
- Chapter 7: Disclosing information about patients with impaired capacity
- Chapter 8: Using and disclosing genetic information in the case of a serious threat
- Chapter 9: Research
- Individual healthcare identifiers
- My Health Record
- Privacy action plan for your health practice
- Taking photos of patients
- Handling personal information
- Anti-money laundering obligations
- Centrelink requests for information
- Dealing with requests for access to personal information
- Dealing with requests for correction of personal information
- De-identification and the Privacy Act
- De-identification Decision-Making Framework
- Guide to securing personal information
- Guide to the Privacy (Persons Reported as Missing) Rule 2024
- Guidelines for state and territory governments: creating nationally consistent requirements to collect personal information for contact tracing purposes
- National Relay Service
- Posting photos and videos
- Protecting customers' personal information
- Sending personal information overseas
- The Privacy (Tax File Number) Rule 2015 and the protection of tax file number information
- Transfer of financial adviser records
- What is personal information?
- Preventing, preparing for and responding to data breaches
- Privacy impact assessments
- COVID-19
- Coronavirus (COVID-19): understanding your privacy obligations to your staff
- Coronavirus (COVID-19) vaccinations: understanding your privacy obligations to your staff
- COVIDSafe Reports
- Guidance for businesses collecting personal information for contract tracing
- National COVID-19 privacy principles
- Privacy update on the COVIDSafe app
- Retention and deletion of personal information collected during COVID-19
- Guidance for businesses collecting COVID-19 vaccination information
- More guidance
- Australian Bushfires Disaster Emergency Declaration: understanding your privacy obligations
- Australian entities and the European Union General Data Protection Regulation
- Emergencies and disasters
- Guide to data analytics and the Australian Privacy Principles
- Guide to developing an APP privacy policy
- How to develop an APP privacy policy (poster)
- Guidelines for developing codes
- Guidelines for recognising external dispute resolution schemes
- Handling privacy complaints
- Keeping records of disclosures under the Telecommunications Act 1997
- Mobile privacy: a better practice guide for mobile app developers
- Privacy management framework: enabling compliance and encouraging good practice
- Privacy public interest determination guide
- Self-assessment checklist: privacy obligations under the Data Retention Scheme
- Telecommunications service providers' obligations arising under the Privacy Act 1988 as a result of Part 5-1A of the Telecommunications (Interception and Access) Act 1979
- Privacy considerations for financial services entities receiving data from a carrier or carriage service provider under the telecommunications regulations
- Organisations
- Notifiable data breaches
- About the Notifiable Data Breaches scheme
- When to report a data breach
- Report a data breach
- Notifiable data breaches publications
- Notifiable Data Breaches Report: July to December 2023
- Notifiable Data Breaches Report: January to June 2023
- Notifiable Data Breaches Report: July to December 2022
- Notifiable Data Breaches Report: January to June 2022
- Notifiable Data Breaches Report: July to December 2021
- Notifiable Data Breaches Report: January–June 2021
- Notifiable Data Breaches Report: July–December 2020
- Notifiable Data Breaches Report: January–June 2020
- Notifiable Data Breaches Report: July–December 2019
- Notifiable Data Breaches Report: 1 April to 30 June 2019
- Notifiable Data Breaches Report: 1 January to 31 March 2019
- Notifiable Data Breaches Statistics Report: 1 October to 31 December 2018
- Notifiable Data Breaches Statistics Report: 1 July to 30 September 2018
- Notifiable Data Breaches Statistics Report: 1 April to 30 June 2018
- Notifiable Data Breaches Statistics Report: 1 January to 31 March 2018
- Notifiable Data Breaches scheme 12-month insights report
- Privacy legislation
- Privacy assessments and decisions
- Privacy assessments
- PIA register assessment program
- Handling personal information – Trulioo
- Handling personal information – VIX Verify
- Department of Veterans' Affairs final report – handling of personal information
- A follow-up privacy assessment of Access Canberra
- Managing personal information: Passenger Name Records
- Management of personal information: Qantas Frequent Flyer
- My Health Record access security policy assessment program
- Management of personal information: Velocity Frequent Flyer
- Securing personal information: Australian Digital Health Agency
- Management of personal information: Department of Home Affairs
- Management of personal information: USI Office, Transcript Service
- Handling of personal information: Housing and Community Services ACT
- COVIDSafe Assessment 1: National COVIDSafe Data Store Access Controls
- Handling of personal information: Chamonix, Healthi mobile health application
- Accessing personal information: Department of Immigration and Border Protection
- Securing personal information: Australian Taxation Office, data matching activities
- Summary of the OAIC's assessment of privacy policies of 10 ACT public sector agencies
- Handling of personal information: Telstra Health, HealthNow mobile health application
- Access security governance for the My Health Record system: Midland Private Hospital
- Handling of personal information: Department of Human Services PAYG data matching program
- Handling of personal information: Department of Human Services NEIDM data matching program
- Summary of the OAIC's assessment of IBM's handling of personal information using SmartGate systems
- Access security governance for the My Health Record: St Vincent's Private Hospital Toowoomba
- Summary of the OAIC's assessment of privacy policies of 20 DVS business users in the finance sector
- Handling of personal information: Department of Immigration and Border Protection, Passenger Name Records
- Securing personal information: Services Australia (formerly Department of Human Services), data matching activities
- Summary of the OAIC's assessment of agencies with publication obligations under the Privacy (Tax File Number) Rule 2015
- Summary of the OAIC's assessment of SITA's handling of personal information using the advance passenger processing system
- Summary of the OAIC's assessment of five Registered Training Organisations and their management of personal information
- Assessment of contractual provisions for services in regional processing centres: Department of Immigration and Border Protection
- Summary of the OAIC's assessment of Healthscope Group's information security controls to protect Individual Healthcare Identifiers (IHIs)
- Schedule 6, Foreign Fighters Act: follow-up of the Department of Immigration and Border Protection's implementation of the recommendations
- Schedule 5, Foreign Fighters Act: follow-up of the Department of Immigration and Border Protection's implementation of the recommendations
- Summary of the OAIC's assessment of Department of Immigration and Border Protection's handling of personal information using SmartGate systems
- Summary of the OAIC's assessment of 14 pharmacies and eight diagnostic imaging services access security governance for the My Health Record system
- Handling of personal information: Services Australia (formerly Department of Human Services) Annual Investment Income Report (AIIR) data matching program
- Summary of OAIC assessments of telecommunications organisations' information security under the Telecommunications (Interception and Access) Act 2015: Telstra, Vodafone, Optus, TPG
- Summary of OAIC assessment of telecommunication organisations' information security practices when disclosing personal information under the Telecommunications (Interception and Access) Act 1979
- COVIDSafe Assessment 3: COVIDSafe application functionality, privacy policy and collection notices
- Summary of Consumer Data Right Assessment 1
- COVIDSafe Assessment 4: retention, destruction and deletion of COVID app data
- Handling of personal information: a follow-up privacy assessment of Housing and Community Services ACT
- Privacy impact assessment register assessment program
- Summary of OAIC’s inspection of telecommunications organisations’ records of disclosure under the Telecommunications Act
- My Health Records security and access policy assessment 1: general practice clinic survey
- My Health Records security and access policy assessment 2: security and access governance
- Summary of COVIDSafe Assessment 2: state and territory health authority access controls
- COVIDSafe Assessment 5: obligations after the end of the COVIDSafe data period
- Handling personal information: Services Australia’s role as the Identity Exchange
- Cross-border disclosures of personal information – Passenger Name Records
- Data matching conducted by the Department of Health and Aged Care: Practice Incentives Program eHealth Incentives Compliance Program
- OAIC’s summary of 7 ACT Directorates’ data breach response plans
- Privacy assessments forward plan for 2023-24 and 2024-25
- Handling of personal information: emergency access in the My Health Record system
- Privacy decisions
- Enforceable undertakings
- TeleChoice: enforceable undertaking
- Singtel Optus: enforceable undertaking
- Avid Life Media: enforceable undertaking
- Organica and Brygon: enforceable undertaking
- Department of Health: enforceable undertaking
- Wilson Asset Management: enforceable undertaking
- Commonwealth Bank of Australia: enforceable undertaking
- Precedent Communications Australia: enforceable undertaking
- Australian Red Cross Blood Service: enforceable undertaking
- Australian Recoveries & Collections: enforceable undertaking
- Marriott International: enforceable undertaking
- Investigation reports
- MBS/PBS data publication
- Ashley Madison joint investigation
- Multicard Pty Ltd: own motion investigation report
- Cupid Media Pty Ltd: own motion investigation report
- AAPT and Melbourne IT: own motion investigation report
- Medvet Science Pty Ltd: own motion investigation report
- Pound Road Medical Centre: own motion investigation report
- Vodafone Hutchison Australia: own motion investigation report
- Dell Australia and Epsilon: own motion investigation report
- DonateBlood.com.au data breach (Precedent Communications Pty Ltd)
- Sony PlayStation Network/Qriocity: own motion investigation report
- Telstra Corporation Limited: own motion investigation report (2014)
- Telstra Corporation Limited: own motion investigation report (2012)
- Adobe Systems Software Ireland Ltd: own motion investigation report
- DonateBlood.com.au data breach (Australian Red Cross Blood Service)
- Professional Services Review Agency: own motion investigation report
- First State Super Trustee Corporation: own motion investigation report
- Telstra Corporation Limited: own motion investigation report (2011)
- Department of Immigration and Border Protection: own motion investigation report
- Privacy determinations
- Enforceable undertakings
- Privacy assessments
- Privacy registers
- Classes of lawful tax file number recipients
- Data matching exemptions register
- Family day care educators and operators data matching program
- Motor vehicle registries data matching program
- Real Property Transactions data matching program
- Visa holders data matching program
- Taxable government grants and payments data matching program
- Program protocol for data matching with the Australian Transactions Reports and Analysis Centreer
- Lifestyle assets data matching program
- Ride sourcing data matching program
- Banking transparency strategy data matching program
- Motor vehicle registries data matching program 2013–16
- Ride sourcing data matching program protocol 2016–18
- Lifestyle assets data matching program 2013–15
- Contractor payments data matching program
- Online selling data matching program protocol
- Credit and debit card data matching program
- Share transactions data matching program protocol
- Share transactions data matching program 1985–2018
- Rental bond data matching program
- Credit and debit card data matching program 2015
- Share transactions data matching program protocol 2014–16
- Online selling data matching program 2013–14
- Specialised payment systems data matching program
- Sharing economy accommodation data matching program
- Partner visa data matching program
- Foreign Investment Review Board data matching program
- Ride sourcing data matching program 2015–20
- Contractor payments data matching program 2016–19
- Specialised payment systems data matching program 2014–17
- DIBP visa holders data matching program protocol
- Privacy codes
- Privacy codes register
- Privacy (Australian Government Agencies – Governance) APP Code 2017
- Privacy (Credit Reporting) Code 2014 (Version 2.1)
- Privacy (Credit Reporting) Code 2014 (Version 2.2)
- Privacy (Credit Reporting) Code 2014 (Version 2.3)
- Privacy (Market and Social Research) Code 2021
- Privacy (Market and Social Research) Code 2014
- Public interest determinations register
- Recognised external dispute resolution schemes register
- Your privacy rights
- Freedom of information
- Your freedom of information rights
- How to access government information
- Freedom of information guidance for government agencies
- Freedom of information guidelines
- Summary of version changes to s93A guidelines
- Part 1: Introduction to the Freedom of Information Act 1982
- Part 2: Scope of application of the Freedom of Information Act 1982
- Part 3: Processing and deciding on requests for access
- Part 4: Charges for providing access
- Part 5: Exemptions
- Part 6: Conditional exemptions
- Part 7: Amendment and annotation of personal records
- Part 8: This part has been superseded and the content moved to Part 3
- Part 9: Internal agency review of decisions
- Part 10: Review by the Information Commissioner
- Part 11: Investigations and complaints
- Part 12: Vexatious applicant declarations
- Part 13: Information Publication Scheme
- Part 14: Disclosure log
- Part 15: Reporting
- Glossary
- Proactive publication and administrative access
- Information Publication Scheme
- About the Information Publication Scheme
- Information Publication Scheme and disclosure log determinations policy and procedure
- Information Publication Scheme overview for senior executive staff
- Information Publication Scheme and disclosure log summary
- Information Publication Scheme review survey 2018
- Information Publication Scheme review survey 2012
- What is a disclosure log?
- Is the decision to publish information in the disclosure log or the Information Publication Scheme a decision that the Information Commissioner can review?
- What is 'operational information' for the purposes of the Information Publication Scheme?
- What does information 'routinely provided to parliament' include for the purposes of the Information Publication Scheme?
- When will something be 'unreasonable' to publish under section 11C and under the Information Publication Scheme
- Administrative access
- How do administrative access schemes interact with the proactive disclosure requirements
- Will the Information Commissioner issue guidance on records management?
- Information Publication Scheme
- Government agency website requirements
- Freedom of information reviews
- Summary of the freedom of information review process
- What is the difference between a complaint and an application for review of a freedom of information decision?
- Personal and business information: third-party review rights
- Internal review process
- Quick guide to the direction applicants follow in an Information Commissioner review
- What decisions can the Administrative Appeals Tribunal review?
- What is an agency's role during an Information Commissioner review?
- Part 10 — Review by the Information Commissioner
- Direction as to certain procedures to be followed in Information Commissioner reviews (for agencies). FAQs for agencies and ministers
- Guidance on handling a freedom of information request
- Legal definitions and questions
- Defining an agency
- Exemptions and conditional exemptions under the Freedom of Information Act 1982
- What are the criteria for a vexatious applicant declaration?
- What is an agency's obligations on a Commonwealth contract?
- What is considered a document under the Freedom of Information Act 1982?
- What protections does the Freedom of Information Act 1982 provide from civil liability and breach of copyright?
- Who qualifies as a 'person' eligible to make a request under s 15 of the Freedom of Information Act 1982?
- Processing a freedom of information request
- Can a request be transferred to or by a minister?
- Documents held by government contractors
- Does a document have to be released at the same time a decision is notified?
- Should an agency consult anyone else before releasing a document?
- What happens if a request doesn't comply with the requirements under the Freedom of Information ACT 1982
- Processing time
- How long does an agency have to process a freedom of information request?
- Apply for an extension of time to process a freedom of information request
- Public holidays and agency shutdown periods: calculating the processing period
- How can an agency meet statutory timeframes during the COVID-19 pandemic?
- Calculating costs
- Handling personal or business information
- Checklists, handouts and templates
- Fact sheet for freedom of information practitioners to give to staff
- Making a decision on a freedom of information request
- Sample freedom of information notices
- Statement of reasons checklist
- Taking all reasonable steps to find documents in a freedom of information request
- Tips for freedom of information decision-makers
- Legal definitions and questions
- More guidance
- Freedom of information guide
- FOIstats guide
- Statement of principles to support proactive disclosure of government-held information
- What is personal information and how does it interact with the Freedom of Information Act 1982
- What freedom of information statistics do agencies and ministers need to produce?
- Freedom of Information agency resources
- FOI agency resource Managing increased volume of FOI requests
- Twelve tips for FOI decision makers
- Calculating and imposing charges for FOI access requests
- Processing requests for amendment or annotation of personal records
- Exemptions and conditional exemptions under the Freedom of Information Act 1982
- Statement of reasons checklist
- Making a decision on an FOI access request
- Information Publication Scheme (IPS) and Disclosure Log determinations policy and procedure
- Defining an agency
- Sample FOI notices
- Administrative access
- Extension of time for processing requests
- Considering the public interest test
- Engagement checklist – Information Commissioner review compulsory conference
- Submissions checklist – Making submissions following notification of an IC review application (agency or minister)
- Agency Resource – The Deliberative Processes Exemption s 47C
- Information Commissioner reviews
- Direction as to certain procedures to be followed by agencies and ministers in Information Commissioner reviews
- Direction as to certain procedures to be followed by applicants in Information Commissioner reviews
- Information Commissioner Reviews: Quick guide to use of directions and information gathering powers
- Freedom of information guidelines
- Freedom of information legislation and determinations
- Information Commissioner decisions and reports
- Freedom of information investigation outcomes
- Freedom of information reports
- Disclosure log desktop review
- Commissioner initiated investigation into the Department of Home Affairs
- FOI at the Department of Human Services
- Processing of non-routine FOI requests by the Department of Immigration and Citizenship
- Review of charges under the Freedom of Information Act 1982: Report to the Attorney-General
- Information Commissioner review decisions
- Vexatious applicant declarations
- Consumer Data Right
- Information for consumers
- Consumer Data Right complaints
- Consumer Data Right guidance for business
- Consumer Data Right and the Privacy Act
- About the Consumer Data Right and the privacy safeguards
- Consumer Data Right Privacy Safeguard Guidelines
- Summary of version changes to CDR Privacy Safeguard Guidelines
- Chapter A: Introductory matters
- Chapter B: Key concepts
- Chapter C: Consent – The basis for collecting and using CDR data
- Chapter 1: Privacy Safeguard 1 – Open and transparent management of CDR data
- Chapter 2: Privacy Safeguard 2 – Anonymity and pseudonymity
- Chapter 3: Privacy Safeguard 3 – Seeking to collect CDR data from CDR participants
- Chapter 4: Privacy Safeguard 4 – Dealing with unsolicited CDR data from CDR participants
- Chapter 5: Privacy Safeguard 5 – Notifying of the collection of CDR data
- Chapter 6: Privacy Safeguard 6 – Use or disclosure of CDR data by accredited data recipients or designated gateways
- Chapter 7: Privacy Safeguard 7 – Use or disclosure of CDR data for direct marketing by accredited data recipients or designated gateways
- Chapter 8: Privacy Safeguard 8 – Overseas disclosure of CDR data by accredited data recipients
- Chapter 9: Privacy Safeguard 9 – Adoption or disclosure of government related identifiers by accredited data recipients
- Chapter 10: Privacy Safeguard 10 – Notifying of the disclosure of CDR data
- Chapter 11: Privacy Safeguard 11 – Quality of CDR data
- Chapter 12: Privacy Safeguard 12 – Security of CDR data and destruction or de-identification of redundant CDR data
- Chapter 13: Privacy Safeguard 13 – Correction of CDR data
- Privacy obligations
- About privacy obligations
- Consumer consent, authorisation and dashboards
- Consumer Data Right insights
- Guide to developing a Consumer Data Right policy
- Guide to privacy for data holders
- Privacy FAQs for accredited data recipient customers
- Trusted advisers in the Consumer Data Right system
- CDR outsourcing arrangement: privacy obligations for an outsourced service provider
- CDR outsourcing arrangement: privacy obligations for a principal of an outsourced service provider
- CDR representative model: privacy obligations of a CDR principal
- CDR representative model: privacy obligations of a CDR representative
- Sponsored accreditation model: privacy obligations of an affiliate
- Sponsored accreditation model: privacy obligations of a sponsor
- Guidance for entities handling CDR data on preparing for and responding to cyber incidents involving CDR data
- Consumer Data Right legislation, regulation and definitions
- Consumer Data Right assessments
- Digital ID
- Engage with us
- Consultations
- Submissions
- Translations
- Events
- Networks
- Research and training resources
- Research
- Australian Community Attitudes to Privacy Survey
- Government attitudes towards privacy in Australia 2001
- Community attitudes towards privacy in Australia 2001
- Business attitudes towards privacy in Australia 2001
- Community Attitudes to Privacy Survey 2004
- Community Attitudes Towards Privacy Study 2007
- Community Attitudes towards Privacy 2007 Methodological Report
- Community Attitudes to Privacy Survey Research Report 2013
- Australian Community Attitudes to Privacy Survey 2017 Report
- Australian Community Attitudes to Privacy Survey 2017 infographic
- Australian Community Attitudes to Privacy Survey 2020
- Australian Community Attitudes to Privacy Survey 2020 infographic
- Australian Community Attitudes to Privacy Survey 2023
- Australian Community Attitudes to Privacy Survey 2023 infographic
- Australian Government Information Access Survey
- Research publications on the Privacy Act
- Australian Community Attitudes to Privacy Survey
- e-learning
- Videos
- Consumer Data Right policy
- Consumer Data Right complaints
- What is privacy?
- It’s your right to know
- Consumer Data Right privacy safeguard 1
- How to make a freedom of information request
- 12 tips for freedom of information decision-makers
- How do I make a privacy complaint?
- Sharing My Health Record — It's My Choice
- Privacy and the My Health Record system
- How to make a privacy complaint (Auslan)
- How do I access my personal information?
- Privacy in the Australian Public Service
- Privacy is important for start-up businesses
- Making privacy a priority in the decade of data
- Privacy for policy developers and project managers
- What can I do about my neighbour’s security camera?
- Australian Community Attitudes to Privacy Survey 2020
- Australian Community Attitudes to Privacy Survey 2017
- Data breach requirements in the My Health Record system
- Is my real estate agent allowed to take photos in my house?
- Handling sensitive information in the My Health Record system
- 10 top tips for good privacy practice for start-up businesses
- Accessing government-held information in Australia
- Request for information: the respondent
- Request for information: the complainant
- Australian Community Attitudes to Privacy Survey 2023 explainer animation
- What privacy means to Australians in 2023
- The biggest privacy risks for Australians in 2023
- The role organisations have to protect privacy in 2023
- Protecting children’s privacy in 2023
- Australian Information Commissioner and Privacy Commissioner Angelene Falk discusses IAID 2023
- Acting Freedom of Information Commissioner Toni Pirani shares her thoughts about transparency
- Australian Public Service Commissioner Gordon de Brouwer discusses public service transparency
- Webinars
- Research
- Historical speeches
- Newsroom
- About the OAIC
- What we do
- Who we are
- Join our team
- Access our information
- Our regulatory approach
- Consumer Data Right regulatory action policy
- Compliance and enforcement policy
- Guide to privacy regulatory action
- Introduction
- Chapter 1: Privacy complaint handling process
- Chapter 2: Commissioner initiated investigations and referrals
- Chapter 3: Information sharing
- Chapter 4: Enforceable undertakings
- Chapter 5: Determinations
- Chapter 6: Injunctions
- Chapter 7: Civil penalties — serious or repeated interference with privacy and other penalty provisions
- Chapter 8: Infringement notices
- Chapter 9: Privacy assessments
- Chapter 10: Directing a privacy impact assessment
- Chapter 11: Data breach incidents
- Freedom of information regulatory action policy
- OAIC regulatory priorities
- Privacy regulatory action policy
- Our international work
- My Health Records guidelines
- Our corporate information
- OAIC annual reports
- Digital health annual reports
- Annual report of the Australian Information Commissioner's activities in relation to digital health 2022–23
- Annual report into the Australian Information Commissioner's activities in relation to digital health 2021–22
- Annual report of the Australian Information Commissioner's activities in relation to digital health 2020–21
- Annual report of the Australian Information Commissioner's activities in relation to digital health 2019–20
- Annual report of the Australian Information Commissioner's activities in relation to digital health 2018–19
- Corporate plans
- Plans, policies and procedures
- Procedures for Managing Suspected Breaches of the APS Code of Conduct
- Data breach response plan
- External complaints about OAIC employees or contractors
- External complaints about OAIC employees or contractors – overarching policy
- Gifts and benefits policy
- Human resources privacy policy
- Information Publication Scheme agency plan
- Multicultural access and equity plan 2019–20
- OAIC asset management policy and guidelines
- OAIC service charter
- Operational policy and process: publication of submissions
- Privacy complaints about the OAIC
- Privacy policy
- Privacy policy summary
- Public interest disclosure procedures
- Operational information
- Accountable authority instructions
- Appointment and authorisation instrument: Chief Security Officer/Chief Risk Officer
- Budget
- Delegation of freedom of information powers and functions
- Delegation of privacy powers and functions
- Employee census results
- OAIC Audit Committee
- OAIC Enterprise Agreement 2016–2019
- OAIC financial delegations and authorisations
- OAIC Privacy Champion, Chief Privacy Officer and Privacy Officer roles
- Privacy Officer appointment instrument
- Regulator expectations and intent
- OAIC Enterprise Agreement 2024-2027
- Accountability
- Memorandums of understanding
- Current memorandums of understanding
- Consumer Data Right
- MOU with the Australian Competition and Consumer Commission: exchange of information
- MOU with the Australian Communications and Media Authority
- MOU with the Data Protection Commissioner of Ireland
- MOU with the Information Commissioner for the United Kingdom
- MOU with Inspector-General of Intelligence and Security
- MOU with the Personal Data Protection Commission of the Republic of Singapore
- National Facial Biometric Matching Capability
- Memorandum of understanding reports
- MOU with the ACT for the provision of privacy services: Annual report 2020–21
- MOU with the ACT for the provision of privacy services: Annual report 2019–20
- MOU with the ACT for the provision of privacy services: Annual report 2018–19
- MOU with the ACT for the provision of privacy services: Annual report 2021–22
- Memorandum of Understanding with the Australian Capital Territory for the provision of privacy services: Annual Report 2022-23
- Other agreements
- Statement with APEC on privacy enforcement authority practices and activities
- Agreement with System Operator: information sharing and complaint referral for the eHealth record system
- Arrangement with state and territory health and privacy regulators: information sharing and complaint referral for the eHealth record system
- Collaboration principles with Privacy Commission NSW
- Information sharing and complaint referral arrangements under Part VIIIA of the Privacy Act 1988
- Information sharing arrangement for referring privacy complaints between the OAIC and external dispute resolution schemes
- Current memorandums of understanding
- Annual Statement of Compliance with the Commonwealth Child Safe Framework 2023
- Information policy
- What is information policy
- Open government
- Information policy resources
- Access to and use of public sector information: the academic re-user perspective
- Open data quick wins – getting the most out of agency publications
- Open public sector information: from principles to practice
- Open public sector information: government in transition
- Principles on open public sector information
- Principles on open public sector information: report on review and development of principles
- Serving legal documents on the Australian Information Commissioner
- Contact us