In short
Treasury has responsibilities under the Privacy Act 1988. The Privacy (Australian Government Agencies – Governance) APP Code 2017 (Privacy Code) requires us to conduct a privacy impact assessment (PIA) for all high privacy risk projects or initiatives.
High privacy risk project
A project may be a high privacy risk project if we consider that it involves any new or changed ways of handling personal information that are likely to have a significant impact on the privacy of individuals.
Treasury's responsibilities
Treasury is also required to conduct a PIA if directed to do so by the Office of the Australian Information Commissioner (OAIC).
We are required to:
- maintain a register of all PIAs we conduct and
- publish that register, or a version of that register, on our website.
Register
We publish the privacy impact assessment register in compliance with the Privacy Code.
Register last updated: 30 May 2025
2024
Scams Prevention Framework
PIA signed date
30 October 2024
Short project description
The Scams Prevention Framework legislation creates new obligations and rules for certain businesses in sectors targeted by scammers.
Completed by
Australian Government Solicitor
Beneficial ownership policy
PIA signed date
June 2024
Short project description
Beneficial ownership register for unlisted companies.
Completed by
Australian Government Solicitor
2022
Consumer Data Right – operational enhancements
PIA signed date
December 2022
Short project description
PIA update: Consumer Data Right (CDR) rules amendments as they relate to operational enhancements.
Completed by
KPMG
Youpla Group Funeral Benefits Program
PIA signed date
29 November 2022
Short project description
Grant program administered by Treasury and the Department of Industry, Science and Resources to help the families of people affected by the collapse of the Youpla Group (also known as the Aboriginal Community Benefits Fund).
Consumer Data Right – action initiation introduction
PIA signed date
10 October 2022
Short project description
Privacy impact assessment on proposed legislation to enable action initiation in the Consumer Data Right.
Completed by
KPMG
Consumer Data Right – non-bank lending sector
PIA signed date
August 2022
Short project description
Privacy impact assessment on examining the privacy impact of designating the non-bank lending sector to the Consumer Data Right.
Completed by
Treasury with input from KPMG
2021
Consumer Data Right – telecommunications sector
PIA signed date
November 2021
Short project description
Privacy impact assessment on examining the privacy impact of designating the telecommunications sector to the Consumer Data Right.
Completed by
Treasury with input from Maddocks
Consumer Data Right – energy sector amendments
PIA signed date
26 November 2021
Short project description
Privacy impact assessment update: ‘version 4’ Consumer Data Right (CDR) rules amendments as they relate to the energy sector.
Completed by
Maddocks
Consumer Data Right – business participation pathways and consumer data access and control
PIA signed date
29 September 2021
Short project description
Privacy impact assessment update: ‘version 3’ Consumer Data Right (CDR) rules amendments to expand participation pathways for businesses and give consumers better access and control over their data.
Completed by
Maddocks
2020
Consumer Data Right – energy sector
PIA signed date
30 June 2020
Short project description
Supplementary PIA focusing on expanding the Consumer Data Right (CDR) to the energy sector.
Completed by
KPMG
2019
Consumer Data Right – consumer data access and control, second version
PIA signed date
29 November 2019
Short project description
Implementing the Consumer Data Right (CDR) to give consumers better access and control over their data.
Completed by
Maddocks
Consumer Data Right – initial implementation
PIA signed date
March 2019
Short project description
Implementing the Consumer Data Right (CDR) to give consumers better access and control over their data.
Completed by
Treasury