Last review date: 31 December 2024

Yes.

Last review date: 31 December 2024

☒  No

However, the report on the review of the Privacy Act recommends – and the government agrees in principle (subject to further consultation) – that the law be reformed to require APP entities to appoint or designate a senior employee responsible for privacy within the entity. This could be an existing member of staff of the APP entity who also undertakes other duties.

Last review date: 31 December 2024

☒  No

However, as stated in the previous section, the report on the review of the Privacy Act recommends – and the government agrees in principle (subject to further consultation) – that the law be reformed to require APP entities to appoint or designate a senior employee responsible for privacy within the entity.

Last review date: 31 December 2024

☒  No

There is no requirement to register with, make filings to, or obtain approvals from the OAIC under the Privacy Act.

Notifications are not generally required to be made to the OAIC (other than as required by the NDB scheme - see the section on General Data Security Breach Notification Requirements).

That said, sector- or circumstance-specific registrations or licenses may be needed by some entities under other legislation. For example, under the MHR Act, healthcare providers must register to be able to access their patients' My Health Records; under the SOCI Act, there are registration and incident reporting obligations in relation to critical infrastructure assets.