Privacy Act Compliance Checklist
Ensure your Australian business meets Privacy Act obligations. Complete checklist for Australian Privacy Principles, data security, and breach response.
Privacy Policy and Transparency
- Create privacy policy and publish on website
- Explain what personal data you collect
- Detail how you use the information
- List third parties you share data with
- Provide contact details for privacy enquiries
- Update privacy policy annually
Data Collection and Consent
- Only collect necessary personal information
- Get consent before collection
- Provide privacy notice at collection
- Document collection procedures
- Delete unsolicited information
- Maintain records of collection
Data Security
- Encrypt data in transit and at rest
- Use strong access controls and passwords
- Provide employee data handling training
- Conduct regular security audits
- Implement incident response procedures
- Restrict access to authorized staff only
Data Rights and Access
- Respond to access requests within 30 days
- Correct inaccurate personal data
- Allow individuals to opt-out of marketing
- Maintain request logs
- Provide information in accessible format
Data Breach Response
- Have breach response plan in place
- Assess whether breach likely to cause serious harm
- Notify affected individuals when serious
- Report to OAIC Australian Information Commissioner
- Document breach and response actions
- Review and improve security afterwards
Complaints and Accountability
- Have complaints procedure in place
- Respond within 30 days
- Investigate complaints thoroughly
- Take corrective action when needed
- Keep complaint records
- Train staff on privacy complaints
Get Privacy Compliance Support
Use Privacy Act Shield to automate Privacy Act compliance, manage data security, and respond to breaches. You can also review our Privacy Act obligations guide, privacy policy generator, and privacy software comparison.
Frequently asked questions
What is this checklist for?
This checklist is a quick self-audit for Australian businesses that want to review their privacy policy, APP controls, breach readiness, and day-to-day handling of personal information.
Is a checklist enough on its own?
A checklist is a useful starting point, but most businesses still need an APP gap assessment, documented evidence, and a clearer remediation plan to demonstrate compliance properly.
Where can I get a fuller compliance review?
For a deeper review, use our privacy compliance check and build on it with a structured APP gap assessment.