Privacy Impact Assessment Steps - Adelaide Bylaws

Technology and Data · South Australia · 3 Minutes Read · published February 11, 2026

Organisations and contractors in Adelaide, South Australia that handle council data should follow a clear Privacy Impact Assessment (PIA) process before launching projects that collect, use or disclose personal information. This guide summarises practical steps to plan, document and submit PIAs to the City of Adelaide, identifies the responsible offices and explains enforcement, appeals and common compliance issues. Where the council or state sources set no specific fee or form, this guide notes that fact and points to the official policy pages for next steps. For official guidance, see the City of Adelaide privacy policy[1].

A PIA reduces legal and community risk and helps comply with council and state privacy rules.

When to do a Privacy Impact Assessment

Conduct a PIA early for any new system, database, online service, sensor network, CCTV change, or third-party data sharing arrangement that will involve personal data. Consider privacy at the design, procurement and contract stages, and whenever a change materially affects data use or risk.

  • New IT systems, online portals or cloud services that store personal data.
  • Major changes to CCTV, smart city sensors or public monitoring.
  • Data sharing agreements with external providers or other agencies.
  • Projects that collect sensitive personal information or large-scale datasets.

Penalties & Enforcement

The City of Adelaide enforces its privacy policy and relevant South Australian privacy law through council compliance procedures and may escalate matters to state oversight bodies. Specific monetary fines or penalty amounts for failing to carry out a required PIA are not specified on the cited council policy or the linked state page; for enforcement pathways and wording, see the official sources, including the Privacy and Data Protection Act 2014[2]. This guide therefore lists likely enforcement types rather than exact penalty figures.

If you suspect a privacy breach or non-compliance, notify the council and record the incident promptly.

  • Fines and pecuniary penalties: not specified on the cited page.
  • Escalation: first, repeat and continuing offence treatment not specified on the cited page.
  • Non-monetary sanctions: remedial orders, directions to cease processing, removal of access, contract termination or referral to oversight bodies.
  • Enforcer: City of Adelaide By-law Enforcement / Governance and the state privacy oversight body; complaints via City of Adelaide contact channels.
  • Appeal/review: appeal routes and statutory time limits are not specified on the cited council page; check the state Act and council review procedures for deadlines.
  • Defences/discretion: the council may consider reasonable excuse, existing lawful authorisations, or approved variances where published.

Applications & Forms

The City of Adelaide does not publish a specific PIA application form on its public privacy policy page; no dedicated PIA template or mandatory submission form is specified on the cited page. Organisations should consult the council privacy policy and contact the council governance or information management team to confirm local requirements and any internal templates.[1]

How to conduct a PIA

  1. Define scope: list systems, data types, purposes, and stakeholders.
  2. Assess legal basis: confirm lawful basis under South Australian and federal privacy principles.
  3. Identify risks: map privacy risks to individuals and the organisation.
  4. Design mitigations: privacy by design measures, minimisation, access controls and retention limits.
  5. Document outcomes: create a PIA report summarising decisions, mitigations and residual risk.
  6. Consult and submit: consult stakeholders and submit the PIA or summary to the council governance or information management contact if required.
  7. Review and monitor: schedule periodic reviews and update the PIA for material changes.

Action steps

  • Start a PIA checklist at project inception and keep evidence of decisions.
  • Contact the City of Adelaide governance team or privacy officer to confirm whether a formal submission is required.
  • If a breach occurs, follow council incident reporting processes and notify oversight bodies as required.

FAQ

What is a Privacy Impact Assessment (PIA)?
A PIA is a documented assessment that identifies privacy risks from a project and describes measures to reduce those risks.
Who in Adelaide must complete a PIA?
Any City of Adelaide business unit, contractor or third party managing personal data for council functions should complete a PIA where projects materially affect privacy.
Are there fees or forms to lodge a PIA with the council?
The City of Adelaide public privacy page does not publish a specific PIA form or fee; contact council governance for current procedures.[1]

How-To

  1. Gather project details and data flow diagrams.
  2. Identify privacy risks and legal bases for each processing activity.
  3. Design and record mitigation measures and responsibilities.
  4. Prepare a concise PIA report and retain it with project records.
  5. Consult the City of Adelaide governance team and submit the PIA if required.

Key Takeaways

  • Start PIAs early to reduce compliance risk and project delays.
  • Document decisions and keep records for audits or incident response.
  • Contact the City of Adelaide governance/privacy contact for local requirements and submission advice.

Help and Support / Resources