The Privacy Act 1988 (Privacy Act) regulates how personal information is handled which is defined as:

…information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable.

Common examples include an  individual’s name, address, phone number, date of birth, medical records, and signature. The Privacy Act includes thirteen Australian Privacy Principles (APPs), which apply to some private sector organisations, as well as most Australian and Norfolk Island Government agenci




The Complaints Handling Officer
Australian Research Council
GPO Box 2702, CANBERRA ACT 2601

You can also complain to the Federal Privacy Commissioner. Information on the Privacy Act can be found on the Office of the Information Commissioner’s website.  

Privacy Impact Assessments

A Privacy Impact Assessment (PIA) is a systematic assessment of a project that identifies the impact that the project might have on the privacy of individuals, and sets out recommendations for managing, minimising, or eliminating that impact.  

Privacy Impact Assessment Register

The Australian Research Council (ARC) is required by the Australian Government Agencies Privacy Code to maintain a register of the Privacy Impact Assessments it conducts. The ARC’s register is published here: 

Issue Description/Outcome

PIA undertaken on the ARC’s draft Research Integrity and Research Misconduct Policy in relation to stakeholder privacy concerns identified in the policy.

The PIA looked at the purpose of the policy and the key privacy risks. The PIA recommended changes to further safeguard the privacy of stakeholders and concluded that the changes adopted in the draft policy would alleviate stakeholder’s concerns.

This Privacy Impact Assessment Register was last updated on 10 February 2022.