Publications by Category

• Cross-Border Data Flows and International Regulation

• Governance

• Health

• Identity Management

• Privacy by Design

• Privacy Impact Assessments, Audits and Investigation Reports

• Privacy Policies and Notices

• Regulation and Reform

• Security and Privacy

• Technology and Privacy

• Trust

• Other Topics

• Archive

Privacy Impact Assessments, Audits and Investigation Reports

• "2026 Census (Phase 2) Privacy Impact Assessment", undertaken for the Australian Bureau of Statistics and published on the Bureau's website along with its Response, 3 December 2024.

• "Privacy Impact Assessment: Mobile Phone and Seatbelt Technology Program 2023", undertaken for the Queensland Department of Transport and Main Roads published on the mobile phone and seatbelt cameras webpage, 3 May 2024.

• "2026 Census (Phase 1) Privacy Impact Assessment", undertaken for the Australian Bureau of Statistics and published on the Bureau's website along with its Response, 15 February 2024.

• "My Health Records Security and Access Policy Assessment 2: Security and Access Governance", undertaken for the Office of the Australian Information Comissioner involving the assessment of 20 GP clinics’ security and access governance for the My Health Record system, November 2022.

• "Privacy Impact Assessment Report and Independent Review - Mobile Phone and Seatbelt Technology (MPST)", undertaken for the Queensland Department of Transport and Main Roads published on the mobile phone and seatbelt cameras webpage, 14 February 2022.

• "Privacy Impact Assessment - Safety by Design Assessment tool - Condensed report", undertaken for the Office of the eSafety Commissioner published on the tool’s privacy webpage, 10 May 2021.

• "Privacy Impact Assessment: Data Availability and Transparency Bill 2020" as introduced to Parliament on 9 December 2020, undertaken for the Office of the National Data Commissioner (ONDC) and published on the ONDC’s website along with its Response, 16 April 2021.

• "SNSW Data Breach - Post Incident Report", undertaken for NSW Department of Customer Service and Service NSW and published on the Service NSW cyber incident website, 16 December 2020.

• "Privacy Impact Assessment: 2021 Census Administrative Data", undertaken for the Australian Bureau of Statistics and published on the Bureau's website along with its Response, 21 July 2020.

• "Privacy Impact Assessment: Australian Teacher Workforce Data Strategy", undertaken for the Australian Institute for Teaching and School Leadership, 30 May 2019.

• "Privacy Impact Assessment: VicRoads participation in the National Driver Licence Facial Recognition Solution", undertaken for VicRoads and published on its privacy page along with its Response, December 2018.

• "National Driver Licence Facial Recognition Solution Privacy Impact Assessment Report", undertaken for the Attorney-General’s Department and published on the government’s IDMatch website along with the Department’s Response, November 2017.

• "Privacy Impact Assessment: Linkage of Address Register with Census Data/Contact Data", undertaken for the Australian Bureau of Statistics and published on the Bureau's website along with its Response, October 2017.

• "National Facial Biometric Matching Capability Privacy Impact Assessment – Use of Face Identification Service by specified agencies", undertaken for the Attorney-General’s Department and published on the government’s IDMatch website along with the Department’s Response, March 2017.

• "National Facial Biometric Matching Capability: Privacy Impact Assessment – Interoperability Hub", undertaken for the Attorney-General's Department of Australia and published along with the Departmental Response on the Department's website, August 2015.

• "Privacy Impact Assessment: Microsoft Office 365 and Google Apps for Education", undertaken for the Education and Training Directorate ACT and published on the Directorate's website, 19 September 2014.

• "The Cone of Silence – Data Protection and Privacy What every in-house lawyer should know", presented by Malcolm Crompton and Mary Ahern (Accident Compensation Corporation of New Zealand) at the 26th Annual Conference of the Corporate Lawyers Association of New Zealand , Napier, New Zealand, 16 May 2013.

• "Corporate Lessons from Major NZ Data Breach", HP Inform Magazine, 2012, Issue 9, HP Enterprise Security Services, Asia-Pacific edition.

• "Data Breach: ACC Case Study", presented by Annelies Moens at the NSW Right to Information/Privacy Practitioners Network, Sydney, 21 November 2012.

• "Privacy – what every auditor should know", presented by Malcolm Crompton and Souella Cumming (KPMG) at The Institute of Internal Auditors New Zealand Conference 2012, Wellington, 13 November 2012.

• "Privacy Impact Assessment: Extension of Document Verification Service to Private Sector Organisations", undertaken for the Attorney-General's Department of Australia and published on the Department's website, 20 July 2012.

• "Independent Review of ACC's Privacy and Security of Information" undertaken by the Independent Review Team comprising IIS and KPMG for the Accident Compensation Corporation of New Zealand and Office of the Privacy Commissioner of New Zealand, first released by ACC and OPC on 23 August 2012 (see media release).

• "Privacy Impact Assessments (PIAs) and managing risk", presented by Malcolm Crompton at the Privacy Forum "Think Big? Privacy in the age of big data" hosted by the Privacy Commissioner of New Zealand during Privacy Awareness Week 2012, Wellington, 2 May 2012.

• "Privacy Impact Assessment: Preliminary Report, Telecommunications (Interception and Access) Act 1979 Reform", undertaken for the Attorney-General's Department of Australia and published on the Department's website, December 2011.

• "Privacy Impact Assessments for iGovt Programme", undertaken for the Department of Internal Affairs (NZ) and published on the Department's Privacy Impact Assessments page, 8 December 2010.

• "PIA on the Electronic Transfer of Prescription Release 1.1", undertaken for National e-Health Transition Authority (NeHTA) and published online by NeHTA on its Privacy Impact Assessments page, 15 December 2010.

• "VET E-portfolios Privacy Impact Assessment Research Report and VET E-portfolios Draft Guidelines", undertaken for the Australian Flexible Learning Framework and published by the Framework on its E-portfolio Resources page
  under the heading 2010 E-portfolios Reports & Papers, March 2010.

• "Privacy Impact Assessment Report: Electronically Verifying Identity under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 using Credit Reporting Information", undertaken for the Attorney-General's Department of Australia and published online by the Department on its page for anti-money laundering and counter terrorism financing, 8 October 2009.

• "Privacy Impact Assessment Report: Personal Property Securities Register Project", undertaken for the Attorney-General's Department of Australia and published online by the Department on its PPS Downloads page, July 2009.

• "Privacy Impact Assessment on Identity Verification Service Initial Implementation", undertaken for the Department of Internal Affairs (NZ) and published on the Department's Privacy Impact Assessments page, 17 July 2009.