Who should attend

This course is for privacy contact officers and officers of all levels who are responsible for handling personal information in the course of their duties. It is expected that participants will have completed our 'Introduction to privacy' course or have equivalent training or significant experience in handling privacy issues.

Course outline

The Privacy Act 1988 sets out standards for the management of records containing personal information within the Commonwealth public sector. This includes the Notifiable Data Breach (NDB) Scheme in Part IIIC of the Privacy Act 1988 and the Australian Government Agencies Privacy Code (Code).

This course will give practical guidance on how agencies can comply with their privacy obligations in four key areas:

  • Responding to data breaches
  • Responsibilities under the Code
  • Responding to privacy complaints
  • Preparing a privacy impact assessment (PIA).

This course will cover how to respond to data breaches, including the process for determining whether an eligible data breach has occurred. We will also examine the responsibilities of agencies under the Code, and share our experiences in assisting agencies to meet their responsibilities.

We will review the relevant provisions of the Privacy Act 1988 as they apply at each stage of complaint handling, and give practical examples of circumstances which have arisen in Commonwealth agencies. We will also give guidance on undertaking a threshold assessment to determine whether a PIA is required for new projects and systems which are 'high risk', and outline how to undertake a PIA.

Each topic will involve working through syndicate exercises in small groups, which will describe fictitious scenarios raising issues relevant to meeting an agencies obligations under the Privacy Act 1988. The groups will be asked to identify these issues and consider how they might be managed.

A manual containing a detailed paper and guidance on the application of the Australian Privacy Principles (APPs) is provided.


Participants will significantly enhance their skills in responding to privacy issues, such as data breaches and complaints, which arise in handling personal information. They will have a greater knowledge of how to meet their agency's obligations under the Code, including the conduct of PIAs.


Our presenters are AGS lawyers who have a great depth of knowledge of the government environment, and who practise extensively in the areas of information access and administrative law.


This is a full-day course from 9 am – 4.30 pm. Morning tea, lunch and afternoon tea will be provided.


Standard fee – $880 (inclusive of GST) per person. No more than 20 people will be accepted on each course and courses will only be conducted if we receive sufficient nominations.