We’ve created a variety of guidance and resources to help you learn about your organisation's obligations and to easily comply with the Privacy Act.
NotifyUs is our online tool for you to assess and report your organisation's privacy breaches.
Try our free e-learning courses covering a range of topics.
You need to let customers know what information you’re collecting from them, and what you’ll use it for. Our Priv-o-matic tool will help you easily create clear privacy statements.
A privacy impact assessment (PIA) is a tool used by agencies to help them identify and assess the privacy risks arising from their collection, use or handling of personal information. A PIA will also propose ways to mitigate or minimise these risks.
A PIA can be particularly useful when an agency is considering introducing a new policy or operating system, or when making changes to an existing process. For guidance on whether you should do a PIA and on how to do a PIA, check out our PIA toolkit.
Health information can be especially sensitive, and the Health Information Privacy Code sets specific rules for agencies handling it. Our Health Privacy Toolkit contains our guidance for managing health information under the Code.
We’ve also created a short guide to help you keep health information safe when you’re off-site or on the road.
Our guidance on Artificial Intelligence and the IPPs sets out OPC's position and is updated frequently. It is intended to inform organisations' decision making around using AI safely with the IPPs.
Our Biometrics page will give you information on biometrics and where we are in the process of developing specific rules for biometric information.
Sensitive personal information is information about the individual that has some real significance to them, is revealing of them, or generally relates to matters that an individual might wish to keep private. We've created guidance on how the Privacy Act applies to sensitive personal information.
If you’re involved with the care of at-risk children, you may have to consult with other agencies to make sure the children have the right kind of intervention at the right time. Our guidance on sharing personal information regarding child welfare or family violence helps you make decisions about whether sharing the information is appropriate and legal.
Police and other law-enforcement agencies may request personal information from your organisation as part of an investigation. Both you and the law-enforcement agency have obligations and responsibilities you must follow. View our guidance here.
We have created guidance for Ministers and officials to work through when dealing with requests for access to personal information.
The General Data Protection Regulation (GDPR) is a European Union (EU) data privacy law. It came into full effect on 25 May 2018.
The GDPR's main purpose is to create one coherent data protection framework across the EU, greatly improving data protection and privacy rights. It imposes a comprehensive set of principles and obligations which agencies working in or with the EU need to be aware of and comply with.