Part 10 of the Privacy Act regulates the operation of government information matching so as to minimise the privacy risks and maintain public confidence in the fair handling of data. It places a special responsibility upon the Privacy Commissioner to oversee compliance with the controls in Part 10.
In response to the growth and changing nature of authorised information matching programmes, the compliance audit approach to reporting has been developed. The audit approach assesses compliance with the Privacy Act information matching controls in two parts.
The first, called the documentation audit, looks at departmental documentation, policies, codes of practice and guidelines. The second, called the process audit, focuses upon the agency management and staff involved in operating the programme.
The information matching compliance team at the Office of the Privacy Commissioner welcome any feedback that enables the audit approach to be further enhanced.
View the most current Information Matching Compliance Auditing Information Pack here.