IPOLA Guidelines
Through 2024, OIC will deliver a series of guidelines and resources to support agencies and to prepare for the commencement of the Information Privacy and Other Legislation Amendment Act (IPOLA) that will amend the Information Privacy Act 2009 and Right to Information Act 2009.
The amendments will clarify and improve the operation of information privacy and right to information frameworks, better protect personal information and provide appropriate responses and remedies for data breaches and misuse of personal information by agencies.
The guidelines are introductory only and deal with the amendments in a general way. They are not legal advice and additional factors may be relevant in your specific circumstances. Please make sure you have read OIC's disclaimer.
IPOLA Guideline - Basic Guide to Changes to the IP Act
IPOLA Guideline - Key privacy concepts use and disclosure
IPOLA Guideline - Disclosing personal information out of Australia
IPOLA Guideline - Key privacy concepts personal and sensitive information
IPOLA Guideline - Key Privacy Concepts – consent
IPOLA Guideline - Key Privacy Concepts – generally available publication
IPOLA Guideline - Who does the IP Act apply to
IPOLA Guideline - Anonymity and pseudonymity in complaint management
IPOLA Guideline - Compliance notices
IPOLA Guideline - Data analytics
IPOLA Guideline - Achieving effective privacy and information security training
IPOLA Guideline - Cloud computing and the privacy principles
IPOLA Guideline - Privacy self-assessment guide
IPOLA Guideline - Securing personal information
IPOLA Guideline - Surveys and the Privacy Principles
IPOLA Guideline - Tips for Resolving Privacy Complaints
IPOLA Guideline - Key Privacy Concepts - permitted general and health situations
IPOLA Guideline - Mobile apps and social media
IPOLA Guideline - Privacy and de-identified data
IPOLA Guideline - Privacy compliance and camera surveillance
IPOLA Guideline - Status and outcomes of complaints - what can you tell a complainant
IPOLA Guideline - Basic guide to the QPPs
IPOLA Guideline - QPP1 - Privacy policies
IPOLA Guideline - QPP2 - Dealing anonymously with an agency
IPOLA Guideline - QPP3 - Collection-of-solicited personal information
IPOLA Guideline - QPP3&6 – Permitted General Situations
IPOLA Guideline - QPP3&6 – Health agencies: collection, use or disclosure of health information
IPOLA Guideline - QPP3&6 – Authorised by law or court order
IPOLA Guideline - QPP3&6 – Law enforcement agencies & activities
IPOLA Guideline - QPP4 - Dealing with unsolicited information
IPOLA Guideline - QPP5 - Informing people when collecting personal information
IPOLA Guideline - QPP6 – Use or disclosure
IPOLA Guideline - QPP6 – Use or disclosure for natural justice
IPOLA Guideline - QPP10 - Quality and accuracy of personal information
IPOLA Guideline - QPP 11 – Security, deidentification and destruction of personal information
IPOLA Guideline - QPP12 and 13 - Access and correction under the QPPs
IPOLA Guideline - Basic Guide to Changes to the RTI Act
IPOLA Guideline - Who does the RTI Act apply to
IPOLA Guideline - Managing noncompliant applications
IPOLA Guideline - Publication schemes and proactive disclosure
IPOLA Guideline - Internal Review
IPOLA Guideline - Search issues and referral during external review
IPOLA Guideline - Applications received before 1 July 2025
IPOLA Guideline - Applications outside the scope of the Act
IPOLA Guideline - Decision notices and statements of reasons
IPOLA Guideline - Disclosure logs
IPOLA Guideline - Review rights under the RTI Act
IPOLA Guideline - Assessing the terms of an access application