Privacy Impact Assessments

What is a PIA?

A Privacy Impact Assessment (PIA) is an important component of the University's protection of privacy and is to be implemented as part of the University's privacy by design requirement under the Privacy Act 1988 (Cth).

A PIA identifies how a new or revised project or system can have an impact on an individual's privacy, and makes recommendations for managing, minimising or eliminating those privacy impacts.

The PIA process should be included as part of the project and system planning processes, and recorded in the project plan and risk reporting. It should be revisited and updated when changes to a project or system are considered.

When is a PIA required?

A PIA is beneficial for any project or system that involves new or changed ways of handling personal information. 

A PIA is likely to be required if:

  • personal information is collected in a new way;
  • personal information is collected in a way that might be perceived as being intrusive;
  • personal information will be disclosed to another agency, a contractor, the private sector or to the public; or
  • there is a change in the way personal information is collected, disclosed, retained, stored or secured or "handled".

Projects and systems

The first step is determining whether a PIA is required. The PIA threshold assessment tool has been developed to assist this assessment. 

If a PIA is required, the PIA template is a useful tool for stepping you through the Australian Privacy Principles, to meet the obligations of the Privacy Act 1988 (Cth).

Non-standard surveys

Staff and students who are collecting personal information as part of a non-standard survey must complete the Non-standard survey privacy assessment.

The assessment will determine if the survey process complies with the Australian Privacy Principles, the Privacy Act 1988 (Cth) and the ANU Privacy Policy.

If a privacy risk is identified, users will be directed to the ANU Privacy Office for further guidance.

Surveys must be conducted in line with the privacy assessment. If there are changes to how personal information will be handled, the assessment should be completed again.

Further guidance

The Privacy Impact Assessment Guideline provides detailed advice.

Examples of PIAs are available:

For more information or assistance contact the ANU Privacy Officer by email at

Privacy Impact Assessment Register

The ANU Privacy Impact Assessment (PIA) register has been prepared in accordance with section 15(1) of the Privacy (Australian Government Agencies - Governance) APP Code 2017.