Commonwealth Consolidated Acts

[Index] [Table] [Search] [Search this Act] [Notes] [Noteup] [Previous] [Next] [Download] [Help]

PRIVACY ACT 1988 - SECT 33D

Commissioner may direct an agency to give a privacy impact assessment

  (1)   If:

  (a)   an agency proposes to engage in an activity or function involving the handling of personal information about individuals; and

  (b)   the Commissioner considers that the activity or function might have a significant impact on the privacy of individuals;

the Commissioner may, in writing, direct the agency to give the Commissioner, within a specified period, a privacy impact assessment about the activity or function.

  (2)   A direction under subsection   (1) is not a legislative instrument.

Privacy impact assessment

  (3)   A privacy impact assessment is a written assessment of an activity or function that:

  (a)   identifies the impact that the activity or function might have on the privacy of individuals; and

  (b)   sets out recommendations for managing, minimising or eliminating that impact.

  (4)   Subsection   (3) does not limit the matters that the privacy impact assessment may deal with.

  (5)   A privacy impact assessment is not a legislative instrument.

Failure to comply with a direction

  (6)   If an agency does not comply with a direction under subsection   (1), the Commissioner must advise both of the following of the failure:

  (a)   the Minister;

  (b)   if another Minister is responsible for the agency--that other Minister.

Review

  (7)   Before the fifth anniversary of the commencement of this section, the Minister must cause a review to be undertaken of whether this section should apply in relation to organisations.


AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback