Audit functions
Background47.87 The Commissioner has a number of functions under the Privacy Act to audit compliance. The OPC describes an audit as ‘a snapshot of personal information handling practices in relation to an agency or organisation program at a certain time and in a particular location’.[122] An audit involves a systematic inspection and review of an …
Publications
Read moreSelf-auditing
Background47.117 A possible alternative or addition to the Commissioner’s power to conduct PPAs would be the imposition of a requirement on agencies or organisations to undertake self-auditing.[166] The Corporations Act 2001 (Cth) model of financial reporting and audits was suggested as a possible model. That model includes an obligation on corporations to self-audit, to report …
Publications
Read moreFunctions under other Acts
Background47.124 In addition to the functions enumerated in the Privacy Act, the Commissioner has functions under other legislation.[175] In summary, these functions are to: Issue the Data-matching Program (Assistance and Tax) Guidelines and to investigate an act or practice that may breach the Guidelines or Part 2 of the Data-matching Program (Assistance and Tax) Act …
Publications
Read morePublic interest determinations
Background47.128 The Commissioner has the power to make a determination that an act or practice of an agency or organisation, which may otherwise breach an IPP, NPP or approved privacy code, should be regarded as not breaching that principle or privacy code while the determination is in force. Such a determination is called a ‘public …
Publications
Read moreOversight powers
47.2 The Commissioner’s functions in overseeing the operation of the Privacy Act include: giving advice; providing research on, and monitoring of, technological developments; and conducting education. The Commissioner also has oversight functions in relation to tax file numbers and credit reporting.[2]Advice functions47.3 The Commissioner has several advisory functions under the Privacy Act. These are to:Provide …
Publications
Read moreGuidelines
47.25 As discussed in Chapter 4, in a principles-based regime, guidance is often necessary to make the rights and obligations in the Act sufficiently certain and clear.[42] Guidance can be provided in a number of forms, including website information, ‘frequently asked questions’, education programs, and the Commissioner’s oversight functions, discussed above. It also can be …
Publications
Read morePersonal Information Digest
Background47.37 The Commissioner has the function under s 27(1)(g) of maintaining and publishing annually a record of ‘the matters set out in records maintained by record keepers in accordance with clause 3 of IPP 5’. Record keepers, in this context, are agencies; and the record is known as the Personal Information Digest (Digest). The matters …
Publications
Read morePrivacy impact assessments
Background47.44 PIAs have been the topic of much discussion in recent reviews of the Privacy Act and in privacy commentary more generally. The term ‘privacy impact assessment’ is not defined in the Privacy Act, nor is there a requirement for the Commissioner, or for an agency or organisation, to undertake a PIA. There is, however, …
Publications
Read morePrivacy Advisory Committee
Composition46.72 The Privacy Act establishes a Privacy Advisory Committee (Advisory Committee) consisting of the Commissioner and not more than six other members, of which the Commissioner is convenor.[93] The Governor-General appoints members (other than Privacy Commissioner) as part-time members who hold office for up to five years. Members are not remunerated for their service, but …
Publications
Read moreExpert panels
Background46.101 In considering whether the current structure and role of the Privacy Advisory Committee is appropriate, the ALRC canvassed two main options for reform. 46.102 The first was to retain the current structure of the Committee, but make any necessary amendments to the membership requirements to reflect contemporary issues and community concerns. The second option …
Publications
Read more