IPC Audit Work Program

CEO/Information Commissioner’s introduction

The Information and Privacy Commission (IPC) is one of a few independent statutory authorities in NSW. We administer legislation dealing with privacy and access to government held information in NSW.

While our core work is the provision of advices, undertaking reviews and dealing with complaints, the IPC must also identify and respond to risk to improve and promote compliance. The IPC also aims to provide the entities we regulate with broader insights that inform and challenge government to improve transparency and accountability and improve outcomes for citizens.

Like any agency, we have finite resources and must target our efforts to make the most of what we have at our disposal. In 2019/20 the IPC commenced a program of proactive audits to elevate and influence compliance by regulated entities. This year we have chosen to focus aspects of our audit activity on providing insights into key areas of compliance which pose risk and impact accountability, transparency, open access, and the right to access information by citizens.

Consistent with the proactive disclosure principles under the GIPA Act, the IPC has decided to publish on a quarterly basis the audits projected to be completed.

Elizabeth Tydd
IPC CEO, NSW Information Commissioner
NSW Open Data Advocate

Our Role

The IPC reports to the NSW Parliament and the Information Commissioner’s functions include assisting agencies in connection with their functions under the GIPA Act and monitoring, auditing and reporting on the exercise by agencies of their functions under and compliance with the GIPA Act. These audits are a mechanism which assist agencies to elevate their compliance, improve knowledge and understanding of their requirements and functions.

The IPC conducts compliance audits under the Government Information (Public Access) Act 2009 (GIPA Act) and can also undertake investigations or inquiries under the Government Information (Information Commissioner) Act 2009 (GIIC Act). Our audits include audits of agencies’ compliance with specific legislation, guidelines and regulations.

Through our audit function we aim to also:

  • promote information access rights in NSW and provides information, advice, assistance and training for agencies and individuals on privacy and access matters
  • review the performance and compliance of agencies and investigate non compliance
  • provide guidance about the legislation and relevant developments in the law and technology as it relates to information access.
Compliance Audit Calendar 2022/23 and 2023/24

The IPC has identified and programmed the following audit activities to date. Other audit activities as they are planned will be updated to the program.

Q4 2022/23 & Q1 2023/24

Open Access – Record of Open Access
This audit will focus of the compliance by agencies with the requirements to maintain and publish a record as required by section 6(5) of the Government Information (Public Access) Act 2009 which requires an agency to keep a record of the open access information (if any) that it does not make available on the basis of an overriding public interest against disclosure.

Q1 2023/24

Disclosure Logs
This audit will focus on the requirements of agencies to retain a record known as it disclosure log that records information about access applications made to the agency that the agency decides by deciding to provide access to, if the information is information that the agency considers may be of interest to other members of the public. The GIPA Act sets out the required information about access applications that is to be recorded in the agency’s disclosure log.

View the IPC's privacy proactive regulatory initiatives program page here.