Guide to Undertaking Privacy Impact Assessments


Key Questions: What are Privacy Impact Assessments? How do I undertake Privacy Impact Assessments?
The Guide to undertaking privacy impact assessments (PIA Guide) has been prepared by the Office of the Australian Information Commissioner (OAIC) to describe a process for undertaking a privacy impact assessment (PIA). The PIA Guide is intended to provide guidance to all Australian Privacy Principle (APP) entities.


  • Introduction to privacy impact assessments
    • About this Guide
    • What is a privacy impact assessment?
    • Why do a PIA?
    • Is a PIA necessary?
    • When to do a PIA
    • Role of the OAIC
  • Undertaking a PIA
    • 1. Threshold assessment
    • 2. Plan the PIA
    • 3. Describe the project
    • 4. Identify and consult with stakeholders
    • 5. Map information flows
    • 6. Privacy impact analysis and compliance check
    • 7. Privacy management — addressing risks
    • 8. Recommendations
    • 9. Report
    • 10. Respond and review
      • Respond to recommendations
      • Independent review/audit
      • Update the PIA if required
  • Glossary
  • Appendix A — Acknowledgments and resources

Topic 1: Privacy impact assessments — an introduction