Built in Brisbane, for Queensland.

Privacy Management Software for Queensland Organisations

PIMS helps Queensland organisations manage their privacy program under the Information Privacy Act 2009 (Qld), the federal Privacy Act 1988, and the Hospital and Health Boards Act 2011. Updated for the IPOLA reforms — supporting the new Queensland Privacy Principles, mandatory data breach notification, and PIA requirements.

Understanding Queensland Privacy Requirements

Queensland organisations face a unique compliance landscape. State legislation, federal legislation, and sector-specific Acts can all apply — sometimes simultaneously. PIMS supports your obligations across all of them.

Information Privacy Act 2009 (Qld) — Updated by IPOLA

Applies to Queensland government agencies, Ministers, and bound contracted service providers.

  • Queensland Privacy Principles (QPPs) — replaced the former IPPs and NPPs from 1 July 2025
  • QPPs follow the federal APP numbering (13 slots, with QPPs 7, 8, 9 intentionally blank — marketing, cross-border, and government identifiers are not applicable to government agencies)
  • Mandatory Notification of Data Breach (MNDB) scheme — Queensland agencies must notify the OIC and affected individuals of eligible data breaches within 30 days (local government from 1 July 2026)
  • Requirement to maintain a data breach register and publish a data breach policy
  • Oversight by the Office of the Information Commissioner Queensland (OIC)
  • Enhanced OIC powers to investigate compliance and data breaches

Federal Privacy Act 1988 (Cth)

Applies to private sector organisations with annual turnover above $3 million and health service providers regardless of size.

  • 13 Australian Privacy Principles (APPs)
  • Oversight by the Office of the Australian Information Commissioner (OAIC)
  • Notifiable Data Breaches scheme — separate from the QLD MNDB scheme
  • Privacy Act Amendment (Tranche 1) passed December 2024 — strengthened accountability
  • Statutory tort of privacy commenced June 2025

Hospital and Health Boards Act 2011 (Qld)

Applies to employees, officers, and contractors of Queensland health agencies.

  • Strict confidentiality obligations for designated persons
  • Confidential information includes anything that could identify a person receiving or who has received a public sector health service
  • Applies alongside both the QLD IP Act and federal Privacy Act depending on the activity

When Multiple Frameworks Apply

A Queensland health organisation can be subject to all three Acts at once. Private operations fall under the federal Privacy Act. State government contracted services fall under the QLD IP Act (with the federal Act carved out under section 7B(5)). All health service delivery attracts HHB Act confidentiality obligations regardless.

PIMS helps you configure which frameworks apply to your organisation and ensures your PIAs assess against the right legislation.

How PIMS Supports Queensland Organisations

Whether you're a QLD government agency, a Hospital and Health Board contractor, a Brisbane-based healthcare provider, a private organisation operating in Queensland, or a foreign company with Queensland operations, PIMS gives you the tools to manage privacy compliance end-to-end.

Run Your Privacy Program

Establish and manage your organisation's privacy program from a single hub.

Regulatory Framework Configuration

Select Queensland and PIMS automatically identifies the IP Act, QPPs, and HHB Act as applicable. Add Commonwealth, and the federal Privacy Act and APPs are included too.

Program Overview

Your privacy program summary, contacts, key dates, and compliance posture in one place.

Data Breach Reporting

Document your breach response process with links to OIC and OAIC guidance.

Policies and Procedures

Centralise your privacy governance documents.

Train Your Staff on Queensland Privacy Law

Interactive training modules covering QLD and federal privacy obligations.

Interactive Training Modules

Covers the QLD IP Act, Queensland Privacy Principles, and IPOLA reforms.

QPP-Specific Content

All 13 QPPs explained in plain language, highlighting where they differ from the federal APPs.

MNDB Scheme Training

What constitutes an eligible data breach, notification obligations, and the 30-day assessment timeframe.

Jurisdictional Filtering

Training content is filtered to show only what's relevant to your configured regulatory framework.

Federal and State Coverage

If your organisation operates under both QLD and federal law, training covers both.

Assess Privacy Risks

Structured workflows to conduct, track, and approve Privacy Impact Assessments.

Templates Aligned to QPPs and APPs

OAIC standard template out of the box, plus customisable templates for QLD-specific requirements.

Simple or Tiered Workflows

Choose threshold-based skip logic for straightforward assessments, or tiered screening for different assessment levels based on initiative complexity.

Workflow Tracking

Draft through submission, review, and approval with role-based sign-offs.

Risk Register

Identify, score, and track privacy risks with treatment plans and action items.

Map Your Data

Understand what personal information you hold, where it lives, and how it flows.

Information Asset Register

Catalogue systems processing personal information.

Data Dictionary

Classify the personal information elements your organisation handles.

Personal Information Maps

Visualise data flows between systems, as required by the OAIC PIA template.

Report and Demonstrate Compliance

Generate evidence your privacy program is working — for regulators, boards, and auditors.

Stakeholder Reports

Tailored views for privacy officers, executives, auditors, and consultants.

Dashboards

PIA status breakdown, risk heatmaps, compliance metrics at a glance.

Complete Audit Trail

Every action logged, ready for OIC or OAIC review.

Queensland Organisations Using PIMS

PIMS serves organisations across Queensland's public and private sectors.

QLD Government Agencies
Hospital & Health Boards
Private Healthcare
Aged Care
Early Childhood
Not-for-Profits
Private Sector
Contracted Service Providers

IPOLA Compliance Checklist

The IPOLA reforms commenced 1 July 2025. Is your organisation ready?

☐ Updated privacy policy aligned to QPPs (QPP 1 requirement)
☐ Data breach response plan in place (MNDB scheme requirement)
☐ Data breach register established (MNDB scheme requirement)
☐ Data breach policy published (MNDB scheme requirement)
☐ Staff trained on new QPPs and MNDB obligations
☐ Privacy Impact Assessment process updated for QPP alignment
☐ Personal information register maintained
☐ Senior officer appointed to lead IPOLA implementation

PIMS helps you tick every box. Configure your regulatory framework, train your staff, conduct PIAs, document your breach response process, and maintain audit-ready records — all in one platform.

Ready to Simplify Privacy Compliance in Queensland?

See how PIMS can help your Queensland organisation manage privacy obligations under the IP Act, Privacy Act, and HHB Act — updated for the IPOLA reforms.
