IPC Audit Work Program

CEO/Information Commissioner’s introduction

The Information and Privacy Commission (IPC) is one of a few independent statutory authorities in NSW. We administer legislation dealing with privacy and access to government held information in NSW.

While our core work is the provision of advices, undertaking reviews and dealing with complaints, the IPC must also identify and respond to risk to improve and promote compliance. The IPC also aims to provide the entities we regulate with broader insights that inform and challenge government to improve transparency and accountability and improve outcomes for citizens.

Like any agency, we have finite resources and must target our efforts to make the most of what we have at our disposal. In 2019/20 the IPC commenced a program of proactive audits to elevate and influence compliance by regulated entities. This year we have chosen to focus aspects of our audit activity on providing insights into key areas of compliance which pose risk and impact accountability, transparency, open access, and the right to access information by citizens.

Consistent with the proactive disclosure principles under the GIPA Act, the IPC has decided to publish on a quarterly basis the audits projected to be completed.

Elizabeth Tydd
IPC CEO, NSW Information Commissioner
NSW Open Data Advocate

Our Role

The IPC reports to the NSW Parliament and the Information Commissioner’s functions include assisting agencies in connection with their functions under the GIPA Act and monitoring, auditing and reporting on the exercise by agencies of their functions under and compliance with the GIPA Act. These audits are a mechanism which assist agencies to elevate their compliance, improve knowledge and understanding of their requirements and functions.

The IPC conducts compliance audits under the Government Information (Public Access) Act 2009 (GIPA Act) and can also undertake investigations or inquiries under the Government Information (Information Commissioner) Act 2009 (GIIC Act). Our audits include audits of agencies’ compliance with specific legislation, guidelines and regulations.

Through our audit function we aim to also:

  • promote information access rights in NSW and provides information, advice, assistance and training for agencies and individuals on privacy and access matters
  • review the performance and compliance of agencies and investigate non compliance
  • provide guidance about the legislation and relevant developments in the law and technology as it relates to information access.
Compliance Audit Calendar 2021/22

The IPC has identified and programmed the following audit activities to date. Other audit activities as they are planned will be updated to the program.

Q4 2021/2022

NSW New Agencies – Machinery of Government
The IPC will be undertaking a proactive compliance initiative to assist identified new agencies established as a result of the Machinery of Government changes that will come into effect from 1 April 2022. Under the Government Information (Public Access) Act 2009 (GIPA Act), agencies are required to fulfill a number of obligations to provide access to information and promote the object of the GIPA Act. To assist the newly created agencies with their compliance under the GIPA Act, the IPC will be progressing this audit activity to assist new agencies to positively and proactively fulfill their compliance with the GIPA Act.

Q1 2022/2023

NSW Government Agencies – additional open access requirements
This audit will focus on the compliance with the additional open access requirements for Departments in relation to acquisitions and disposals as required by Schedule 6 of the Government Information (Public Access) Regulation 2018. This audit will examine how  effectively Departments are making information about their acquisitions and disposals publicly available.

Q2 2022/2023

Local Government – Open Access
This audit will be undertaken as a follow up audit. It will review the compliance with open access requirements, 12 months after the Information Commissioner’s 2021 audit report. The focus will remain in relation to the disclosure of pecuniary interests and the operation of the Information Commissioner’s Guideline 1. This audit will draw on prior methodology to assess the level of compliance within the local government sector.

View the IPC's privacy proactive regulatory initiatives program page here.