The Minister for Defence issues written rules (the AGO Privacy Rules) to regulate how AGO communicates and retains intelligence information concerning Australian persons. During the 2019–20 reporting period, IGIS conducted an in-depth inspection to review AGO’s application of the Privacy Rules, using a sample of AGO products published between July 2018 and October 2019. IGIS officers identified 16 products where a privacy rule was not correctly applied. It should be noted that in these instances the information would have met the requirements of the Privacy Rules had they been applied. IGIS, in cooperation with AGO, identified the factors that led to the non-compliance, and AGO subsequently took remedial action to make future recurrence less likely. This included implementing compliance checklists, additional training, and specific prompts in approval templates, which will assist in preventing similar non-compliance. IGIS is satisfied with AGO’s remedial actions.
Additionally, IGIS identified five products produced under a Director’s approval where a privacy rule was not applied. AGO found that this non-compliance resulted from a misunderstanding within a particular team about the application of the rules, and subsequently provided additional training and compliance support to the team. IGIS is satisfied that AGO took appropriate actions to address the non-compliance.