IPC Audit Work Program
The Information and Privacy Commission (IPC) is one of a few independent statutory authorities in NSW. We administer legislation dealing with privacy and access to government held information in NSW.
While our core work is the provision of advices, undertaking reviews and dealing with complaints, the IPC must also identify and respond to risk to improve and promote compliance. The IPC also aims to provide the entities we regulate with broader insights that inform and challenge government to improve transparency and accountability and improve outcomes for citizens.
Like any agency, we have finite resources and must target our efforts to make the most of what we have at our disposal. In 2019/20 the IPC commenced a program of proactive audits to elevate and influence compliance by regulated entities. This year we have chosen to focus aspects of our audit activity on providing insights into key areas of compliance which pose risk and impact accountability, transparency, open access, and the right to access information by citizens.
Consistent with the proactive disclosure principles under the GIPA Act, the IPC has decided to publish on a quarterly basis the audits projected to be completed.
| Our Role |
|---|
The IPC reports to the NSW Parliament and the Information Commissioner’s functions include assisting agencies in connection with their functions under the GIPA Act and monitoring, auditing and reporting on the exercise by agencies of their functions under and compliance with the GIPA Act. These audits are a mechanism which assist agencies to elevate their compliance, improve knowledge and understanding of their requirements and functions.
The IPC conducts compliance audits under the Government Information (Public Access) Act 2009 (GIPA Act) and can also undertake investigations or inquiries under the Government Information (Information Commissioner) Act 2009 (GIIC Act). Our audits include audits of agencies’ compliance with specific legislation, guidelines and regulations.
Through our audit function we aim to also:
- promote information access rights in NSW and provides information, advice, assistance and training for agencies and individuals on privacy and access matters
- review the performance and compliance of agencies and investigate non compliance
- provide guidance about the legislation and relevant developments in the law and technology as it relates to information access.
| Compliance Audit Calendar |
|---|
The IPC has identified and programmed the following audit activities to date. Other audit activities as they are planned will be updated to the program.
Q3 2024-25 – Q1 2025-26
Joint Commissioner Regulatory Desktop review of Agency Information Guides and Privacy Management Plans
The use of technology, in particular Artificial Intelligence (AI) and Automated Decision Making (ADM) has the capacity to impact and effect the information access and privacy rights of individuals. This review is a joint initiative of the Acting Information Commissioner and Privacy Commissioner to understand the extent to which information on the use of ADM or AI by public sector agencies is included in publicly available Agency Information Guides and Privacy Management Plans. The review will focus on the areas of transparency, notification and accountability and supports the Commissioners’ shared regulatory priority of safeguarding rights through informed oversight (Strategic Priority 1). Agencies across the regulated sectors will be included in this baseline review.
View the IPC's privacy proactive regulatory initiatives program page here.
