Privacy Impact Assessment

According to Australian Privacy Principle (APP) 1, organisations should have a clearly expressed and up-to-date privacy policy that details how the organisation manages personal information. The privacy policy must be made reasonably available, free of charge, and it must contain a range of information specified in APP 1, including (but not limited to) how the organisation collects and holds personal information and the purposes for which the organisation collects, holds, uses and discloses personal information.

APP 1 also states that organisations should implement practices, procedures and systems that will ensure compliance with the APPs. The nature of these practices depends on the type, size and resources of the organisation. The APP Guidelines give a number of examples of the practices that organisations should consider implementing (for example, regular staff training on the APPs).

There is no express requirement to carry out privacy impact assessments. Nevertheless, the APP Guidelines suggest that to comply with APP 1, organisations should consider conducting privacy impact assessments for new projects or data handling practices.

Please visit: https://www.oaic.gov.au/images/documents/privacy/applying-privacy-law/app-guidelines/APP-guidelines-combined-set-v1.pdf