PRIVACY ACT 1988

PART IV - FUNCTIONS OF THE INFORMATION COMMISSIONER  

Division 3A - Assessments by, or at the direction of, the Commissioner  

SECTION 33D   COMMISSIONER MAY DIRECT AN AGENCY TO GIVE A PRIVACY IMPACT ASSESSMENT  

33D(1)  
If:


(a) an agency proposes to engage in an activity or function involving the handling of personal information about individuals; and


(b) the Commissioner considers that the activity or function might have a significant impact on the privacy of individuals;

the Commissioner may, in writing, direct the agency to give the Commissioner, within a specified period, a privacy impact assessment about the activity or function.

33D(2)  
A direction under subsection (1) is not a legislative instrument. Privacy impact assessment

33D(3)  
A privacy impact assessment is a written assessment of an activity or function that:


(a) identifies the impact that the activity or function might have on the privacy of individuals; and


(b) sets out recommendations for managing, minimising or eliminating that impact.

33D(4)  
Subsection (3) does not limit the matters that the privacy impact assessment may deal with.

33D(5)  
A privacy impact assessment is not a legislative instrument. Failure to comply with a direction

33D(6)  
If an agency does not comply with a direction under subsection (1), the Commissioner must advise both of the following of the failure:


(a) the Minister;


(b) if another Minister is responsible for the agency - that other Minister. Review

33D(7)  
Before the fifth anniversary of the commencement of this section, the Minister must cause a review to be undertaken of whether this section should apply in relation to organisations.




This information is provided by CCH Australia Limited Link opens in new window. View the disclaimer and notice of copyright.