Privacy Act Compliance Checklist

Ensure your Australian business meets Privacy Act obligations. Complete checklist for Australian Privacy Principles, data security, and breach response.

Use this page as a quick self-audit. For a fuller review with APP scoring, remediation actions, and breach-readiness checks, run our privacy compliance check.

Privacy Policy and Transparency

  • Create privacy policy and publish on website
  • Explain what personal data you collect
  • Detail how you use the information
  • List third parties you share data with
  • Provide contact details for privacy enquiries
  • Update privacy policy annually

Data Collection and Consent

  • Only collect necessary personal information
  • Get consent before collection
  • Provide privacy notice at collection
  • Document collection procedures
  • Delete unsolicited information
  • Maintain records of collection

Data Security

  • Encrypt data in transit and at rest
  • Use strong access controls and passwords
  • Provide employee data handling training
  • Conduct regular security audits
  • Implement incident response procedures
  • Restrict access to authorized staff only

Data Rights and Access

  • Respond to access requests within 30 days
  • Correct inaccurate personal data
  • Allow individuals to opt-out of marketing
  • Maintain request logs
  • Provide information in accessible format

Data Breach Response

  • Have breach response plan in place
  • Assess whether breach likely to cause serious harm
  • Notify affected individuals when serious
  • Report to OAIC Australian Information Commissioner
  • Document breach and response actions
  • Review and improve security afterwards

Complaints and Accountability

  • Have complaints procedure in place
  • Respond within 30 days
  • Investigate complaints thoroughly
  • Take corrective action when needed
  • Keep complaint records
  • Train staff on privacy complaints

Get Privacy Compliance Support

Use Privacy Act Shield to automate Privacy Act compliance, manage data security, and respond to breaches. You can also review our Privacy Act obligations guide, privacy policy generator, and privacy software comparison.

Frequently asked questions

What is this checklist for?

This checklist is a quick self-audit for Australian businesses that want to review their privacy policy, APP controls, breach readiness, and day-to-day handling of personal information.

Is a checklist enough on its own?

A checklist is a useful starting point, but most businesses still need an APP gap assessment, documented evidence, and a clearer remediation plan to demonstrate compliance properly.

Where can I get a fuller compliance review?

For a deeper review, use our privacy compliance check and build on it with a structured APP gap assessment.