
Privacy for government

Personal information is essential to the work of Australian government agencies.  

Agencies must uphold a consistent, high standard of personal information handling practices to meet community expectations and build community trust.

This Privacy Awareness Week, the OAIC is urging Australian government agencies, together with businesses, to ‘power up’ on privacy. 

Transparency

Clarity matters

The best privacy practice starts with transparency. If your agency is collecting personal information from people, it must be open and transparent about how it will handle it.

Transparency needs to apply both within your agency – so staff know the parameters and requirements they work within – and in the community. It means clear privacy policies and notices, and clarity on how the agency is managing privacy risks. 

The Australian Government Agencies Privacy Code requirements for privacy management plans and privacy impact assessments reflect the need for good privacy practices to be built in at the ground level.

Know what’s in the box

Be clear on what data your agency has, where it’s stored, why it was collected, and how you are protecting it. Also, examine arrangements with service providers. Do they measure up on privacy?

Some practical steps are to:

1. Do the housekeeping

Is your agency holding information it doesn’t need? Map the information lifecycle and ensure appropriate review, retention and destruction schedules. Don’t overlook information held by third-party providers.

2. Seek informed consent

Make sure your privacy information is clear, accessible, and accurate when seeking consent.

3. Apply privacy by design

Embed good privacy practices into the design specifications of products and services from the beginning. Undertake privacy impact assessments; they will help you adopt a privacy by design approach. 
 

Accountability

Show your privacy leadership – in good times and bad

Privacy is a human right and it’s one Australians value highly. It is also an essential part of creating public trust and confidence in government. People expect government to respect and protect their privacy. 

To help ensure high standards in managing personal information, all Australian Government agencies are required to adhere to the Australian Government Agencies Privacy Code, as well as the Australian Privacy Principles.

The Code reflects the commitment of Australian Government agencies to the protection of privacy, and helps build public trust and confidence in personal information handling practices. It enhances existing privacy capability within agencies, builds greater transparency in information handling practices, and fosters a culture of respect for privacy and the value of personal information.

In striving for, and applying, best practice in privacy governance, agencies not only answer community expectations; they can also provide leadership more broadly, including (and critically) through requirements when using third-party providers. 
 

Be thoughtful in data collection practices

Government agencies collect and generate a significant amount of information, which serves important public purposes. But be mindful of not collecting unnecessary information. Consider de-identification where appropriate.

Some practical steps are to:

1. Apply high standards

Government agencies should manage personal information to a consistently high standard; make great privacy practices a strength. 

2. Act fast — don’t delay

Ensure prompt notification of data breaches by having effective systems for detecting, assessing, responding to and notifying breaches.

3. Embed a strong privacy culture

Make privacy a leadership priority and foster a strong privacy culture at all levels.

Security

Protect personal data

Power up the security of personal information in your agency by using the right tools and guarding against known and emerging threats.

Having the right processes in place will help you keep the community’s personal information safe. 

That means strong data governance, and reviewing and strengthening access security and ICT security measures, including those used to detect and respond to threats, with particular attention to emerging threats.

Ensure you have processes in place to detect and respond to cyber threats in a timely manner and to report cyber-crimes, cyber security incidents or vulnerabilities. The Australian Signals Directorate’s Australian Cyber Security Centre can provide technical assistance.

For government agencies, data breaches are more likely to be caused by human error than malicious or criminal attacks. Shore up human risks with regular, clear and accessible staff training.

Power up your agency’s privacy settings with the help of the resources on our website – see the list below.

Power up your people

Most data breaches in government agencies are due to human error. Three key things you can do are:

  1. promote staff awareness about secure information handling practices
  2. look for technology solutions that help staff (such as email filtering)
  3. design systems and processes that anticipate and minimise the risk of human error.

Some practical steps are to:

1. Guard against impersonation

Have strong identity management and authentication steps. Foster a privacy-aware culture to help staff identify instances of fraud, and keep access secure.

2. Use the right tools

Have up-to-date privacy management and data breach response plans, and make use of our guidance and tools. Utilise cyber security mitigation strategies. 

3. Lock the doors

Most data breaches within government agencies result from human error, so mitigate this risk through strong processes, technology and training. Be vigilant about the practices of third-party providers, and consider risks posed by outdated technology and platforms.

Test your knowledge

Test how ‘powered up’ your privacy settings and knowledge are with our quick quiz, and claim your reward.

Did you know?

Australian Government agencies have additional responsibilities under the Australian Government Agencies Privacy Code.

The code requires agencies to take a best practice approach to privacy governance to help build a consistent, high standard of personal information management across all Australian Government agencies.

Become a PAW supporter

Becoming a PAW supporter gives your agency access to our supporter toolkit to help increase privacy awareness among your staff, community and stakeholders. It shows your commitment to good privacy practice and advancing the privacy rights of individuals. 

Additional resources for government

Want to know more about best practice in privacy, and responding to data breaches?

There is a range of information and resources available from us (the Office of the Australian Information Commissioner) at the links below. We have also included links to a range of other very useful resources.

Privacy Guidance