Compliance and audit reports
OIC monitors and reports on agency compliance with the RTI Act and the IP Act by conducting audits, reviews and surveys of government departments, local governments, statutory authorities, government owned corporations and universities, in order to measure the extent to which the agencies have achieved the right to information and information privacy reforms. Under the RTI Act, OIC reports on review outcomes to the Parliamentary Committee for Justice, Integrity and Community Safety Committee, and under the IP Act, reports can be sent to the Speaker for tabling in the Legislative Assembly.
Latest report
On 10 December 2025, the Speaker of the Queensland Legislative Assembly tabled in Parliament the Information Commissioner’s report: ‘Prioritising privacy to keep victims safe: A review of the disclosure of domestic and family violence victims’ addresses to offenders by the Queensland Police Service’.
The report follows a review under section 135(1) of the Information Privacy Act 2009 (Qld) of the QPS’s privacy policies, procedures and systems in the context of its disclosure of domestic and family violence victims’ addresses to offenders.
The Review considered the Information Privacy Principles (IPPs) that were in effect prior to 1 July 2025 and found that the QPS contravened three IPPs when addresses of domestic and family violence victims were disclosed to offenders. This put the victim’s safety and security at risk, and in some cases, enabled the offender to commit further harm. The QPS’s policies, procedures and systems failed at both a technical and administrative level. The Information Commissioner’s Review recommendations seek to strengthen the personal privacy protections of victims’ personal information held by the QPS and enhance the support the QPS provides to members of the public making a privacy complaint.
Since August 2024, the Information Commissioner found the QPS has made a concerted and comprehensive effort to implement whole-of-business solutions to mitigate the risk of further unauthorised disclosures.
Tabled reports
2024-25
- Mitigating the risks of privacy breach through staff education. How three government agencies implemented our recommendations. Follow-up audit on Report No. 1 for 2022-23
- Audit on responding to access requests for government-held information
- Administrative access to documents held in public schools: How the Department of Education implemented our recommendations: Follow-up audit on Report No. 2 for 2021-22
- Audit of administrative access to medical records held in hospital and health services
- Minimising Personal Information Held: Reducing the risk of privacy breaches
2023-24
- Audit report - ‘Reporting on RTI and IP statistics - Survey results about reporting on the operation of the Right to Information Act 2009 and the Information Privacy Act 2009’
- Follow-up audit of Publishing information about waste management
- Audit report – Publishing information about council meetings and councillor discretionary funds
- Follow-up audit – Sunshine Coast Regional Council
2022-23
2010 - 2022
2021-22
- Audit report – Administrative access to information – How the Department of Education managed access to documents held in schools
- Compliance audit report - Sunshine Coast Regional Council
2020-21
- Minimum reporting requirements: Personal interests, gifts and benefits, overseas travel
- Follow-up audit report - Bundaberg Regional Council
- Follow-up audit - Awareness of privacy obligations
- Audit report - Disclosure logs - Queensland Government departments
- Privacy and Public Data Audit Report
2019-20
- Follow-up report - Townsville City Council
- Compliance Audit - Bundaberg Regional Council
- Follow-up report - Ipswich City Council
2018-19
- 10 Years on
- Follow up report - Cairns and Hinterland Hospital and Health Service
- Follow up report - Gold Coast Hospital and Health Service
- Audit of information management maturity
- Audit of awareness of privacy obligations
2017-18
- Follow-up of review recommendations Council of the City of Gold Coast
- Compliance audit – Ipswich City Council
- Compliance audit – Townsville City Council
- Privacy and mobile apps
2016-17
- Desktop Audits 2016-17 - Website Compliance with Right to Information and Information Privacy — Hospital and Health Services
- Follow-up of review recommendations - Queensland Universities
- Compliance review report - Gold Coast Hospital and Health Service
- 2016 Right to Information and Information Privacy Electronic Audit
- Results of Desktop Audits 2014-16
2015-16
- Compliance Review – Council of the City of Gold Coast
- Follow-up of review recommendations Department of Education and Training
- Follow-up of review recommendations Rockhampton Regional Council
- Camera surveillance and privacy – follow-up review
2014-15
- Compliance Review – Cairns and Hinterland Hospital and Health Service
- Compliance Review – Queensland Universities
- Results of Desktop Audits 2013-14
2013-14
- Compliance Review – Rockhampton Regional Council (PDF, 2827.83 KB)
- Report on privacy in complaint handling systems (PDF, 1836.86 KB)
- Follow-up of review recommendations: Department of Transport and Main Roads (PDF, 198 KB)
- Compliance Review - Department of Education, Training and Employment (PDF, 3000.01 KB)
- Follow-up of review recommendations (Queensland Health and Queensland Police Service) (PDF, 427.77 KB)
- Results of Desktop Audits 2012-13 (PDF, 394.53 KB)
- 2013 Right to Information and Information Privacy Electronic Audit
2012-13
2011-12
- Go card follow-up report (PDF, 300.22 KB)
- Department of Transport and Main Roads compliance review (PDF, 923.82 KB)
- Queensland Police Service compliance review 2011 (PDF, 714.42 KB)
2010-11
- Public sector attitudes towards RTI reforms (PDF, 367.43 KB)
- Public awareness of RTI reforms (PDF, 327.07 KB)
- Go card disclosure (PDF, 793.26 KB)
- Queensland Health compliance review 2010 - 2011 (PDF, 1019.95 KB)
- Agency Progress on Right to Information Reforms 2010-11
- Desktop audits results 2010 (PDF, 175.98 KB)