Securiti Tops DSPM Ratings in GigaOm Report


Queensland Information Privacy Act (IPA)

Operationalize IPA compliance with the most comprehensive PrivacyOps platform

Last Updated on May 15, 2024

Privacy Center
Fully Functional In Minutes

Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.


The Queensland Information Privacy Act (“IPA”) is a privacy regulation that ensures individuals have their personal information collected, stored, shared, and secured per a strict set of rules by the public sector agencies. The Act is further corroborated by certain "privacy principles" such as the Information Privacy Principles (IPP) and the National Privacy Principles (NPP) that apply to different bodies.

The Office of the Information Commissioner (OIC) (“information commissioner”) is the body primarily responsible for enforcing the IPA across Queensland. Additionally, a privacy commissioner will act as a deputy to the information commissioner, with particular responsibility for matters relating to the information commissioner’s functions.

The Solution

Securiti is a market leader providing enterprise data security, privacy, compliance, and governance solutions with its PI data discovery, DSR automation, documented accountability, and AI-process automation features, among others.

These data solutions and a plethora of similar solutions, backed up by state-of-the-art artificial intelligence and machine-learning-based algorithms, make Securiti an ideal option for organizations that want to achieve effective and efficient compliance with Queensland’s Information Privacy Act.

Queensland IPA Compliance Solution

Request a demo today to learn how Securiti can aid your and your organization's compliance efforts.


Assess Readiness

IPA: Section 6, Chapter 2, Schedule 3 (IPPs), Schedule 4 (NPPs)

Automate and schedule regular internal assessments of various internal data-related activities and mechanisms to maintain a real-time update related to their effectiveness as well as identify potential gaps and blindspots, allowing for timely adjustments if necessary.

Queensland IPA readiness assessment
Data Access Request Management

Secure Fulfillment of Data Access

IPA Sections: 40, 43, 45, 83, 84, 48 (IPP 6)

Automate the fulfillment of any and all users' data access requests while maintaining real-time updates on the status of each request via the central dashboard.

Automate the Processing of Rectification Requests

IPA Sections: 41, 42, 44, 45 (IPP 7, 8)

Automate all data rectification requests by viewing all instances where the subject's personal information appears and gain real-time updates on their progress via the central dashboard.

data rectify request
Data Flow Mapping

Map Data Flows

IPA Section: 33

Track and maintain elaborate documentation and insights related to all incoming and outgoing data transfers to ensure regulatory compliance.

Monitor & Track Consent

NPPs: 2(1)(b) , 2(1)(c)(ii) , 2(3), 2(5)(a) , 9(1) , 9(3)(c)

Ensure compliance with the Information Privacy Act by preventing any processing, potential transfer, sharing, or selling of data to third parties not explicitly consented to by the users by monitoring users' consent status via the central dashboard.

personal data monitoring tracking
Vendor Risk Management

Manage Vendor Risk

​​IPA Sections: 35 , 36(1) , 36(2) , 37

Track all third-party vendors' data processing activities in real-time to ensure their data processing practices in relation to the data shared with them comply with the applicable regulatory requirements.

Assess Data Protection Measures & Enable Appropriate Security Controls

IPP 4, NPP 4

Automate the evaluation of all relevant data protection measures in place per regulatory and industrial standards to ensure their effectiveness in guaranteeing the security of all your data assets as well as eliminating any chances of unauthorized access.

Data Protection Measures

Rights Under the Information Privacy Act

The IPA guarantees the users the following rights:

Right to Access

All users have the right to be given access to a document of an agency or a minister to the extent that they contain the individual's personal information.

Right to Amend

All users have the right to amend the documents of an agency or a minister to the extent that they contain the individual's personal information if it has since become inaccurate, incomplete, misleading, or outdated.

Key Facts About Queensland’s Information Privacy Act:

Here are some important facts to know about Queensland’s Information Privacy Act:


The privacy principles only apply to Queensland's government agencies;


The National Privacy Principles (NPP) applies only to health agencies;


The Information Privacy Principles (IPP) apply to all agencies other than health agencies;


The concerned individual can make an application to the agency or the minister to access or amend his/her personal information by providing an approved form, sufficient information regarding the document, the address to which the notice should be sent, information that he/she considers incomplete/inaccurate, and after ten days of submitting the application, evidence of identity;


An individual can contact the information commissioner to file a privacy complaint if he/she first filed the complaint to the organization and the organization did not respond within 45 days or if the individual is unsatisfied with their response;


Transfer of personal information to any entity outside Australia may only be when:

  • the individual consents,
  • required by law or necessity for public safety or welfare,
  • performance of functions by the entity,
  • the entity is confident that the other entity will handle the personal information fairly or will abide by the IPPs and NPPs, and
  • the transfer is beneficial for the individual, but it is impractical to obtain his consent, but if the individual knows, he/she is likely to give consent;

If the complaint is accepted, a mediation process will be initiated between the user and the offending organization;


If the mediation process does not resolve the issue, the OIC will forward the case to the Queensland Civil and Administrative Tribunal (QCAT);


Any unlawful access, false or misleading information, disclosure to take advantage, failure to produce documents or attend proceedings, and giving misleading directions (orally or written) will be subject to 100 penalty units (as per Crimes Act 1914, one penalty unit equals 275 AUD).

IDC MarketScape

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report