Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.
We respect your Do Not Track preference.
Health information can be especially sensitive, and the Health Information Privacy Code sets specific rules for agencies handling it. Our Health Privacy Toolkit contains our guidance for managing health information under the Code.
We’ve also created a short guide to help you keep health information safe when you’re off-site or on the road.
Our guidance on Artificial Intelligence and the IPPs establishes OPC guidance and is updated frequently. The guidance is intended to inform organisations on decision making around using AI safely with the IPPs.
Our Biometrics page will give you information on biometrics and where we are in the process of developing specific rules for biometric information.
Sensitive personal information is information about the individual that has some real significance to them, is revealing of them, or generally relates to matters that an individual might wish to keep private. We've created guidance on how the Privacy Act applies to sensitive personal information.
If you’re involved with the care of at-risk children, you may have to consult with other agencies to make sure the children have the right kind of intervention at the right time. Our guidance sharing personal information regarding child welfare or family violence helps you make decisions about whether sharing the information is appropriate and legal.
Police and other law-enforcement agencies may request personal information from your organisation as part of an investigation. Both you and the law-enforcement agency have obligations and responsibilities you must follow. View our guidance here.
We have created guidance for Ministers and officials to work through when dealing requests for access to personal information
The General Data Protection Regulation (GDPR) is a European Union (EU) data privacy law. It came into full effect on 25 May 2018.
The GDPR's main purpose is to create one coherent data protection framework across the EU, greatly improving data protection and privacy rights. It imposes a comprehensive set of principles and obligations which agencies working in or with the EU need to be aware of and comply with.