Office of the Australian Information Commissioner


ACCC/OAIC compliance and enforcement policy for the Consumer Data Right

The purpose of this policy is to help consumers and Consumer Data Right (CDR) participants understand the approach that the ACCC and the OAIC will adopt to encourage compliance with CDR Rules, legislation (including Privacy Safeguards) and Consumer Data Standards. The policy also sets out...

Guide to health privacy

This guide has been written to help health services providers — from doctors and private sector hospitals, through to allied health professionals, pharmacists, childcare centres and gyms — understand their obligations under the Privacy Act 1988, and embed good privacy in their practice.

Annual Report

Annual Report of the Australian Information Commissioner’s activities in relation to digital health 2017–18

This annual report sets out the Australian Information Commissioner’s digital health compliance and enforcement activity during 2017–18.

Notifiable Data Breaches scheme: 12‑month insights report

Entities regulated by the Privacy Act should review this report and use the learnings to enhance their prevention and response strategies for the benefit of all Australians. One of the key messages taken from this inaugural review of the Notifiable Data Breaches (NDB) scheme is...

Discussion paper

eHealth record system OAIC enforcement guidelines

The Personally Controlled Electronic Health Records Act 2012 requires the Australian Information Commissioner to formulate guidelines outlining how the Commissioner will approach enforcement issues relating to the eHealth record system. The Office of the Australian Information Commissioner (OAIC) is the independent regulator of privacy aspects...