What is the Privacy Impact Assessment Register
The Privacy Impact Assessment Register records details of Privacy Impact Assessments conducted by ARPANSA since 1 July 2018, as required by the section 15.1 of the Privacy (Australian Government Agencies – Governance) APP Code 2017 (Cth) (the APP Code). The register also contains the ANRDR Privacy Impact Assessment completed in November 2017.
Why we have the register
The APP Code requires that all agencies, including ARPANSA, must conduct a PIA for all high privacy risk projects.
Register of ARPANSA Privacy Impact Assessments
| Item | Date of completion | Privacy Impact Assessment (PIA) |
|---|---|---|
| 8 | June 2026 | CCTV PIA This PIA assesses the privacy impacts of using closed-circuit television (CCTV) cameras in the ARPANSA’s Yallambie Office. This PIA assists in identifying privacy issues associated with using CCTV and proposes recommendations to minimise or eradicate any privacy impacts. This PIA considers ARPANSA’s privacy policy, ARPANSA’s internal practices policies and procedures regarding the CCTV footage and the management of the relevant CCTV footage. Topics covered in this PIA include how personal information will flow through the CCTV system, an assessment of compliance with the APPs and recommendations to mitigate any privacy impacts. |
| 7 | May 2026 | ARPANSA Intranet Migration PTA The PTA considers the privacy risks associated with the migration of the ARPANSA intranet to rectify any technical errors and improve functionality. The PTA was conducted to assess any privacy issues associated within the project. Given that the upgrade does not introduce any new or altered methods for handling personal information, it has been assessed as low risk, and a Privacy Impact Assessment (PIA) is not required at this stage. |
| 6 | June 2025 | ARPANSA Website Upgrade PIA ARPANSA conducted a Privacy Impact Assessment (PIA) for its website rebuild project, which aims to enhance functionality, usability and accessibility. The rebuild will be delivered via GovCMS/Drupal 10/11 and supported by external contractors under strict privacy obligations. The purpose of this PIA is to identify and manage privacy risks associated with the upgrade process. Its scope is limited to the rebuild itself, specifically the handling of any personal information stored in the website’s back-end which is collected via online forms (webforms). While the website does collect personal information, this PIA does not assess the compliance of individual webforms with the Australian Privacy Principles (APPs); that will be addressed in a future audit by ARPANSA’s Office of General Counsel. Privacy risks during data migration and contractor access are mitigated through enforceable contracts, access controls, encryption, and compliance with the Privacy Act 1988 (Cth). In completing this PIA, ARPANSA has already deleted webform data and is in the process of consulting business areas to limit the level and duration of information stored in the back-end of the website, potentially reducing privacy risks. As websites continually evolve, there will be ongoing review of any personal information stored in the back-end of the website and processes updated if new risks arise. |
| 5 | June 2025 | The Australian National Radiation Dose Register (ANRDR) Upgrade PIA Once implemented this PIA will replace the existing PIA for the ANRDR. This updated PIA incorporates an assessment for the submission of dose records from dosimetry service providers. The PIA considers the privacy risks associated with the implementation and use of the ANRDR, that is being used as a national database for the storage and maintenance of occupational radiation dose records in a central location. A primary role of the ANRDR is to produce personal dose history reports to workers on request. The PIA was conducted to identify privacy issues associated with how the ANRDR manages personal information. The PIA proposes recommendations to minimise and eradicate any privacy impacts. It considers the information flows and what types of information is gathered if any, its use and storage. Topics included in this PIA include, the information flows, whether there is any personal information involved and storage and an assessment of compliance with the APPs along with recommendations to mitigate any privacy risks. |
| 4 | June 2025 | Radon Survey PIA Australia published the results of a nation-wide survey of radon concentrations and gamma dose rate levels in Australian homes in 1990. ARPANSA has not performed a survey of this type since its predecessor, Australian Radiation Laboratory (ARL), completed the work in the late 1980’s that resulted in the publication of the nation-wide survey report. There have been significant changes in communication methods since the last survey and ARPANSA is interested in determining the best current processes to be able to complete this type of work through a pilot program. The main aim of a survey will be to define how ARPANSA can engage with the public to complete a survey of the type performed in the late 1980’s. The PIA considered the privacy risks associated with the radon survey that is being used to determine radon concentration and gamma dose rate levels in Australia. The PIA was conducted to identify privacy issues associated with the survey. The PIA proposes recommendations to minimise and eradicate any privacy impacts. It considers the information flows and what types of information is gathered if any, its use and storage. Topics included in this PIA include the information flows, whether there is any personal information involved and storage and an assessment of compliance with the APPs along with recommendations to mitigate any privacy risks. |
| 3 | December 2024 | Personal Radiation Monitoring Service (PRMS) Customer Portal and Application Programming Interface PIA ARPANSA operates the PRMS Portal to enhance the customer experience and improve productivity. The PRMS Portal allows customers, being employers on behalf of their workers (employees, contractors etc) and wearers of the dose monitors, to self-manage their accounts, order monitors, track orders, access dose reports and export data. To complement the portal, PRMS is developing a new application programming interface (API) to automatically send dose reports and other data owned by the customer, such as centre and wearer data to external radiation safety software used by the customer. This will save customers from having to download and manually import reports, boosting efficiency. It is especially beneficial for those managing multiple centres. Importantly, this project will not alter how personal information is collected by PRMS, or how PRMS uses and stores personal information. It simply provides a more efficient and secure way of transferring the data to the customer. Any additional cybersecurity vulnerabilities introduced by this project have been identified and will be managed appropriately by ARPANSA’s Digital Technology Team. The PIA was conducted at an early stage to assist in identifying privacy issues associated with the collection and storage of personal information in the system. Topics covered in this PIA include how the personal information will flow through the Portal, how the information may be updated and accessed by employers, an assessment of compliance with the APPs, and strategies to mitigate any privacy risks. |
| 2 | February 2024 | Google Analytics PTA The PTA considers the privacy risks associated with the implementation and use of the analytics tool, that is being used to better understand interactions with the ARPANSA website. The PTA was conducted to assess any privacy issues associated within the information gathered in the form of metrics and static. The PTA proposes including wording in the Privacy Policy about Google Analytics. |
| 1 | November 2017 | The Australian National Radiation Dose Register (ANRDR) PIA The PIA considers the privacy risks associated with the implementation and use of the ANRDR, that is being used as a national database for the storage and maintenance of occupational radiation dose records in a central location. A primary role of the ANRDR is to produce personal dose history reports to workers on request. The PIA was conducted to identify privacy issues associated with how the ANRDR manages personal information. The PIA proposes recommendations to minimise and eradicate any privacy impacts. It considers the information flows and what types of information is gathered if any, its use and storage. Topics included in this PIA include, the information flows, whether there is any personal information involved and storage and an assessment of compliance with the APPs along with recommendations to mitigate any privacy risks. |
When was the Register last updated?
The Register was last updated: 1 July 2026.


