IPC Audit Work Program 2020/21

CEO/Information Commissioner’s introduction

The Information and Privacy Commission (IPC) is one of a few independent statutory authorities in NSW. We administer legislation dealing with privacy and access to government held information in NSW.

While our core work is the provision of advices, undertaking reviews and dealing with complaints, the IPC must also identify and respond to risk to improve and promote compliance. The IPC also aims to provide the entities we regulate with broader insights that inform and challenge government to improve transparency and accountability and improve outcomes for citizens.

Like any agency, we have finite resources and must target our efforts to make the most of what we have at our disposal. In 2019/20 the IPC commenced a program of proactive audits to elevate and influence compliance by regulated entities. This year we have chosen to focus aspects of our audit activity on providing insights into key areas of compliance which pose risk and impact accountability, transparency, open access, and the right to access information by citizens.

Consistent with the proactive disclosure principles under the GIPA Act, the IPC has decided to publish on a quarterly basis the audits projected to be completed.

Elizabeth Tydd
IPC CEO, NSW Information Commissioner
NSW Open Data Advocate

Our Role

The IPC reports to the NSW Parliament and the Information Commissioner’s functions include assisting agencies in connection with their functions under the GIPA Act and monitoring, auditing and reporting on the exercise by agencies of their functions under and compliance with the GIPA Act. These audits are a mechanism which assist agencies to elevate their compliance, improve knowledge and understanding of their requirements and functions.

The IPC conducts compliance audits under the Government Information (Public Access) Act 2009 (GIPA Act) and can also undertake investigations or inquiries under the Government Information (Information Commissioner) Act 2009 (GIIC Act). Our audits include audits of agencies’ compliance with specific legislation, guidelines and regulations.

Through our audit function we aim to also:

  • promote information access rights in NSW and provides information, advice, assistance and training for agencies and individuals on privacy and access matters
  • review the performance and compliance of agencies and investigate non compliance
  • provide guidance about the legislation and relevant developments in the law and technology as it relates to information access.
Compliance Audit Calendar

Q1 2020/21

NSW Police
This report brings together findings and recommendations from our 2019 Compliance audit report of NSW Police and reviews the implementation of the recommendations and policies and processes to support compliance with the GIPA Act as identified in the 2019 Audit Report.

NSW Government Agencies – contract register compliance
This audit will focus on select agencies compliance with the open access disclosure requirements for contract registers under the GIPA Act. This audit will draw on a prior methodology adopted in previous contract register compliance audits to include assessments of the design effectiveness and operational effectiveness of contract register disclosure by selected agencies.

An audit in this area may also consider whether contracts are being published to the contract registers and to the e-tenders website.

Q1 & Q2 2020/21

Local Government
This audit will bring together findings and recommendations from compliance audits of local councils and will comment on the compliance with open access requirements, in relation to the disclosure of pecuniary interests and the operation of the Information Commissioner’s Guideline 1.

Q3 2020/21

iCare – Phase 2
This audit will bring together findings and recommendations from the first phase of the icare audit and will look undertake a detailed assessment of the scope of non-compliance and the remedial actions that icare has taken or is taking to address the non-compliance and to ensure that mechanisms are in place to support future compliance.

View the IPC's privacy proactive regulatory initiatives program page here.