The Office of the Australian Information Commissioner (OAIC) has released a new resource setting out how Agencies in the Australian Public Service (APS) can determine when they need to conduct a privacy impact assessment (PIA).
The Office’s Privacy (Australian Government Agencies – Governance) APP Code 2017 requires Agencies to conduct a privacy impact assessment for all “high privacy risk projects”.
The OAIC said a project may be a high privacy risk if it involves new or changed ways of handling personal information that were likely to have a significant impact on the privacy of individuals.
In a statement, the Office said the new resource provides guidance on how to screen for potentially high privacy risk projects by completing a threshold assessment to determine whether a PIA is required.
“It sets out the benefits of conducting a PIA, even when a project does not meet the high privacy risk threshold, and includes a template to assist Agencies to complete a threshold assessment,” the Office said.
Australian Information Commissioner and Privacy Commissioner, Angelene Falk, said PIAs were an important tool to ensure projects met legislative privacy requirements and community privacy expectations.
“The process of undertaking a privacy impact assessment provides an opportunity for Australian Government Agencies to consult and engage with stakeholders, and demonstrate their commitment to, and respect of, individuals’ privacy,” Ms Falk said.
“Agencies are also required to publish a register of privacy impact assessments they conduct, which provides important transparency.”
She said effective privacy practice required continuing commitment and effort.
“This new resource complements the existing resources we have developed to assist Government Agencies to understand and meet the obligations of the code,” Ms Falk said.
The resource, which Ms Falk said was developed in consultation with several Australian Government agencies, can be accessed on the OAIC website.