Privacy Act 1988
PART IV
-
FUNCTIONS OF THE INFORMATION COMMISSIONER
Division 3A
-
Assessments by, or at the direction of, the Commissioner
SECTION 33D
COMMISSIONER MAY DIRECT AN AGENCY TO GIVE A PRIVACY IMPACT ASSESSMENT
33D(1)
If:
(a) an agency proposes to engage in an activity or function involving the handling of personal information about individuals; and
(b) the Commissioner considers that the activity or function might have a significant impact on the privacy of individuals;
33D(2)
A direction under subsection (1) is not a legislative instrument.
Privacy impact assessment
33D(3)
A privacy impact assessment is a written assessment of an activity or function that:
(a) identifies the impact that the activity or function might have on the privacy of individuals; and
(b) sets out recommendations for managing, minimising or eliminating that impact.
33D(4)
Subsection (3) does not limit the matters that the privacy impact assessment may deal with.
33D(5)
A privacy impact assessment is not a legislative instrument.
Failure to comply with a direction
33D(6)
If an agency does not comply with a direction under subsection (1), the Commissioner must advise both of the following of the failure:
(a) the Minister;
(b) if another Minister is responsible for the agency - that other Minister.
Review
33D(7)
Before the fifth anniversary of the commencement of this section, the Minister must cause a review to be undertaken of whether this section should apply in relation to organisations.
View history note
Hide history noteIf:
(a) an agency proposes to engage in an activity or function involving the handling of personal information about individuals; and
(b) the Commissioner considers that the activity or function might have a significant impact on the privacy of individuals;
the Commissioner may, in writing, direct the agency to give the Commissioner, within a specified period, a privacy impact assessment about the activity or function.
33D(2)
A direction under subsection (1) is not a legislative instrument.
Privacy impact assessment
33D(3)
A privacy impact assessment is a written assessment of an activity or function that:
(a) identifies the impact that the activity or function might have on the privacy of individuals; and
(b) sets out recommendations for managing, minimising or eliminating that impact.
33D(4)
Subsection (3) does not limit the matters that the privacy impact assessment may deal with.
33D(5)
A privacy impact assessment is not a legislative instrument.
Failure to comply with a direction
33D(6)
If an agency does not comply with a direction under subsection (1), the Commissioner must advise both of the following of the failure:
(a) the Minister;
(b) if another Minister is responsible for the agency - that other Minister.
Review
33D(7)
Before the fifth anniversary of the commencement of this section, the Minister must cause a review to be undertaken of whether this section should apply in relation to organisations.
This information is provided by CCH Australia Limited Link opens in new window. View the disclaimer and notice of copyright.