The Privacy Act requires organisations to have at least one person who fulfils the role of privacy officer.

Who should be a privacy officer

The person responsible for privacy matters depends on the size of your organisation, the work it does, and what personal information it handles.

In smaller organisations, the manager is normally responsible for all legal compliance, including privacy.

Often an in-house complaints, human resources, or legal team will do privacy work as part of their duties.

Large organisations, or organisations that handle a lot of personal information, may need one or more employees focusing exclusively on privacy matters.

Whoever takes on the duties of a privacy officer, it’s important for managers in the organisation to take their advice seriously.

Why you need a privacy officer

As well as being required by law, having a privacy officer is useful for your organisation.

Good privacy builds trust with clients and employees and enhances a business’ reputation. An internal privacy adviser who is familiar with the business and privacy law adds value to your organisation.

Privacy officers can prevent or fix privacy issues before they become serious problems. This can save you money, or lost business.

If someone complains that your organisation has breached their privacy, your privacy officer can help resolve things quickly and effectively.

The duties of a privacy officer

A privacy officer will:

  • be familiar with the privacy principles in the Privacy Act
  • work to make sure the organisation complies with the Privacy Act
  • deal with any complaints from the organisation's clients about possible privacy breaches
  • deal with requests for access to personal information, or correction of personal information
  • act as the organisation's liaison with the Office of the Privacy Commissioner.

They may also:

  • train other staff at the organisation to deal with privacy matters
  • advise their organisation on compliance with privacy requirements
  • advise their organisation on the potential privacy impacts of changes to the organisation's business practices
  • advise their organisation if improving privacy practices might improve the business
  • be familiar with any other legislation governing what the organisation can and cannot do with personal information.

Learn more at