Australia · Federal FOI & Privacy

Access and privacy for Australian Government agencies, in one platform

AccessPoint manages Freedom of Information Act 1982 requests and Privacy Act 1988 obligations — the 30-day FOI clock, APP access and correction, and the Notifiable Data Breaches scheme — pre-configured for Australia and running inside your own Microsoft 365 tenant.

Australia — Federal at a glance

Response deadline
30 days to decide an FOI request (s 15)
Extensions
By agreement (s 15AA), for complex requests with OAIC approval (s 15AB), or an automatic 30 days for third-party consultation (s 15(6))
Fees
No application fee; your own personal information is free; processing charges otherwise, with the first 5 hours of decision-making free
Data breaches
Notifiable Data Breaches scheme — assess a suspected breach within 30 days, then notify the OAIC and affected individuals
Oversight
Office of the Australian Information Commissioner — IC review, determinations, and civil penalties
Languages
English

Built for Australia — Federal

One platform for the whole access-and-privacy mandate, pre-configured for this regime and running in your own Microsoft 365 tenant.

FOI request lifecycle

Intake to decision on the 30-day FOI clock — with agreed, complex, and consultation extensions, the Act's exemptions and conditional exemptions, charge estimates, and IC-review-ready records, all built on Microsoft 365.

Privacy Act requests and PIAs

Handle APP 12 access and APP 13 correction of personal information, and run Privacy Impact Assessments, on a guided questionnaire engine with screeners, an embedded risk register, and a regulator-ready summary export.

Notifiable Data Breaches

Log a suspected eligible data breach, run the 30-day assessment, and get a live checklist of what the NDB scheme requires — a statement to the OAIC and notice to affected individuals as soon as practicable.

IC review and complaints

Track internal review, Information Commissioner review, and privacy complaints — each with its own clock, an investigation workspace, and a guided path from decision to the Administrative Review Tribunal.

Automated-decision assessments

Get ahead of the 2024 reforms' automated-decision transparency duty — assess and document the computer programs that make decisions significantly affecting individuals, on the same engine that runs your PIAs.

In your own tenant

Every request, assessment, and record stays inside your own Microsoft 365 and Azure tenant — no third-party cloud, no cross-border transfers, no per-user fees.

The 2024 privacy reforms

Australia's biggest privacy overhaul in a generation is now landing. AccessPoint runs it.

The Privacy and Other Legislation Amendment Act 2024 began the most significant reform of the Privacy Act since it was written. A statutory tort for serious invasions of privacy is already in force, the OAIC has new tiered civil-penalty and compliance powers, and from December 2026 organisations must disclose the automated decisions that significantly affect people. Most FOI offices already run access requests — but not this. AccessPoint operates FOI, privacy requests, breach notification, and impact assessments on one platform, in your own tenant, so your access program and your privacy program live in the same system.

Privacy assessments PIAs and automated-decision assessments on one governed engine.
Breach notification The NDB 30-day assessment and OAIC notice, computed for you.
OAIC oversight IC review and privacy complaints tracked to disposition.

Configured out of the box

Installing the au-federal-foi configuration pack seeds your tenant with everything this regime needs — a starting point you can adjust, not a lock-in.

Related guide: FOI Workflow Quick Check
  • The FOI Act 1982 and Privacy Act 1988 as the legal-authority and citation spine
  • Australian public-holiday calendar and 30-day due-date rules
  • The FOI exemption and conditional-exemption catalogue, colour-coded for redaction
  • The s 15AA, s 15AB, and s 15(6) extension reasons with citations and limits
  • FOI processing-charge categories and the charges schedule
  • Information Commissioner review grounds and dispositions
  • Notifiable Data Breaches assessment and notification rules
  • FOI correspondence templates with statutory wording

Australia — Federal Questions

Does AccessPoint cover both the FOI Act and the Privacy Act?

Yes. The Australian federal configuration ships both regimes in one pack — FOI Act 1982 access requests and Privacy Act 1988 obligations — with the 30-day FOI clock, the section 15AA, 15AB, and 15(6) extensions, the exemption catalogue, APP 12 access and APP 13 correction, and the Information Commissioner reflected in the review workflows.

Does it run the Notifiable Data Breaches scheme?

Yes. Log a suspected eligible data breach and AccessPoint runs the assessment on the scheme's 30-day clock, then produces a live checklist of what is required — a statement to the OAIC and notification to affected individuals as soon as practicable — with a full audit trail.

How does it handle Information Commissioner review?

AccessPoint's complaints and appeals module tracks internal review and IC review by the Office of the Australian Information Commissioner, each with its own statutory clock, an investigation workspace, and a guided path from representations to closure — including onward review by the Administrative Review Tribunal, which replaced the AAT in October 2024.

Where does Australian data reside?

Entirely within your own Microsoft 365 and Azure tenant. Requests, documents, assessments, and audit history never leave your control — no third-party cloud and no cross-border data transfers.

Run FOI and Privacy in One Platform

Try AccessPoint free for 30 days, pre-configured for Australia. No credit card required.

Start Free Trial