Privacy Impact Assessments

What is a PIA?

A Privacy Impact Assessment (PIA) is an important component of the University's protection of privacy and is to be implemented as part of the University's privacy by design requirement under the Privacy Act 1988 (Cth).

A PIA identifies how a new or revised project or system can have an impact on an individual's privacy, and makes recommendations for managing, minimising or eliminating those privacy impacts.

The PIA process should be included as part of the project and system planning processes, and recorded in the project plan and risk reporting. It should be revisited and updated when changes to a project or system are considered.

When is a PIA required?

A PIA is beneficial for any project or system that involves new or changed ways of handling personal information. 

A PIA is likely to be required if:

  • personal information is collected in a new way;
  • personal information is collected in a way that might be perceived as being intrusive;
  • personal information will be disclosed to another agency, a contractor, the private sector or to the public; or
  • there is a change in the way personal information is collected, disclosed, retained, stored, secured or otherwise "handled".

Projects and systems

The process for PIAs is changing at ANU. Staff can now complete a PIA using the new Microsoft Form, which will assess potential privacy impacts and risks.

The assessment will determine if the project, system or process complies with the Australian Privacy Principles, the Privacy Act 1988 (Cth) and the ANU Privacy Policy.

If a privacy risk is identified, users will be directed by the form to the ANU Privacy Office for further guidance. If you believe a detailed PIA is required, please contact the ANU Privacy Office for guidance, and to access the PIA template.

Project and system implementation must be conducted in line with the privacy assessment. If there are changes to how personal information will be handled, the assessment should be completed again.

Non-standard surveys

Staff and students who are collecting personal information as part of a non-standard survey must complete the Non-standard survey privacy assessment.

The assessment will determine if the survey process complies with the Australian Privacy Principles, the Privacy Act 1988 (Cth) and the ANU Privacy Policy.

If a privacy risk is identified, users will be directed by the form to the ANU Privacy Office for further guidance.

Surveys must be conducted in line with the privacy assessment. If there are changes to how personal information will be handled, the assessment should be completed again.

Privacy Impact Assessment Register

The ANU Privacy Impact Assessment (PIA) register has been prepared in accordance with section 15(1) of the Privacy (Australian Government Agencies - Governance) APP Code 2017.