A privacy impact assessment (PIA) is a systematic assessment of an activity that identifies the impact the activity might have on the privacy of individuals, and sets out recommendations for managing, minimising or eliminating that impact. A PIA addresses all Australian Privacy Principles (APPs) and addresses community expectations.

The systematic reviews undertaken by our Ethics Committee of privacy aspects associated with the establishment of AIHW data collections and applications for research projects meet the requirements of a PIA, as they address APP compliance and community expectations.

The PIAs we undertake are part of our approach to building community acceptance of and trust in our work.

The threshold for when a PIA must be undertaken is established in the Privacy (Australian Government Agencies – Governance) APP Code 2017 (Privacy Code). A PIA must be undertaken for all high privacy risk projects, described as those that ‘involve any new or changed ways of handling personal information that are likely to have a significant impact on the privacy of individuals’.

Since we do not limit our PIAs to high risk projects, we undertake PIAs through our Ethics Committee and other processes more broadly than is required by the Code. For example, see data linkage projects and data collections that have been approved by the AIHW Ethics Committee and published on our website.

PIA register

We also undertake PIAs for non-research projects involving new or changed ways of handling personal information, through our Ethics Committee and other processes. These are published in our PIA register (below).

This table lists PIAs completed since the Code came into effect on 1 July 2018, and will be updated as additional PIAs are finalised.

PIAs completed
Data completedPrivacy impact assessment

14 May 2019

Secure Remote Access Environment

10 December 2019

Research Only Network

Further information

For more information about how we comply with the Privacy Act and the Privacy Code, please refer to our Privacy policy.