Home / Checklists / Privacy complaint OAIC preparation checklist
AU · Regulatory

Privacy complaint OAIC preparation checklist

An OAIC complaint is the primary external mechanism for privacy breaches affecting Australian individuals. This checklist helps lawyers and privacy officers prepare a complaint that survives preliminary assessment.

In short

This is a 12-step checklist for preparing a privacy complaint to the Office of the Australian Information Commissioner under the Privacy Act 1988 (Cth). It covers the APP framework, internal complaint, and remedies.

Run this checklist with Quillio — free trial
12-step checklist

The checklist

1

Identify the respondent

Identify the APP entity or agency the complaint is against.

Privacy Act 1988 (Cth) s 6
2

Confirm APP application

Confirm the respondent is covered by the Australian Privacy Principles.

3

Identify the conduct

Identify the act or practice complained of and when it occurred.

4

Map the APPs

Map the conduct to specific APPs — collection, use, disclosure, quality, access.

Privacy Act 1988 (Cth) Sch 1
5

Complete internal complaint

Confirm the complaint was made to the respondent and 30 days have passed.

Privacy Act 1988 (Cth) s 40(1A)
6

Gather evidence

Gather correspondence, privacy policies, and records relating to the conduct.

7

Identify loss and harm

Identify financial loss, psychological harm, humiliation, or loss of privacy.

8

Scope remedies

Scope remedies including apology, correction, change of practice, and compensation.

9

Check NDB overlap

Assess whether the conduct involves a Notifiable Data Breach.

Privacy Act 1988 (Cth) Part IIIC
10

Draft complaint form

Draft the OAIC complaint form with clear chronology and APP analysis.

11

Prepare for conciliation

Prepare for conciliation including realistic settlement parameters.

12

Consider determination path

Consider the determination pathway if conciliation does not resolve the complaint.

Privacy Act 1988 (Cth) s 52
When to use

When this checklist applies

Use when preparing or advising on an OAIC privacy complaint after an internal complaint has been exhausted.

Common pitfalls

  • Complaint filed before the 30-day internal period
  • APP analysis missing or too general
  • Remedies sought without evidence of harm
  • Missing NDB angle when a data breach is involved
  • Expected settlement range not scoped before conciliation
Use with Quillio

Run this checklist on a real matter

Quillio can map conduct to the APPs, summarise OAIC determinations, and draft complaint narratives. See /practice-areas/regulatory or start a free trial.

General Commonwealth privacy guidance. State-based privacy regimes and sector-specific rules may apply alongside.

Use this checklist on your matter.

Quillio can run this checklist on a specific NSW conveyancing matter — confirm each item, calculate adjustments, and generate the supporting documents. The free trial requires no credit card.

Start your free trial