Privacy & Data Security Compliance Checklist 2026 (CL5)

A comprehensive annual privacy and data security compliance checklist for Australian dental practices — covering all 13 Australian Privacy Principles, the Notifiable Data Breaches Scheme, and cybersecurity obligations. Aligned with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs 1–13), the Notifiable Data Breaches Scheme 2018, and state and territory health records legislation. Part of the Resolve Dental Consultancy Practice Compliance Checklist Pack series.

Complete annually and whenever there is a significant change in how patient information is collected, stored, or used. Keep the signed copy on file. In the event of a regulatory inquiry, completed privacy checklists demonstrate a culture of ongoing compliance.

✔ Fully editable Microsoft Word format
✔ 6 pages — complete privacy and data security compliance checklist
✔ Aligned with Privacy Act 1988, APPs 1–13, NDB Scheme 2018
✔ 2026-compliant
✔ Instant digital download
✔ Single-practice licence

What's Included:

Section 1 — Privacy Policy & Governance (8 items)
Privacy Policy reviewed within 12 months and compliant with all 13 APPs, Privacy Officer formally appointed, Privacy Policy available to patients at reception and online, version control, staff acknowledgement records, privacy induction training, annual refresher training, and confidentiality provisions in employment contracts.

Section 2 — Collection & Use of Patient Information (8 items)
Minimum necessary data collection (APP 3), patient notification of data collection purpose, consent for use beyond direct care, marketing opt-out compliance, purpose limitation, overseas cloud storage disclosure (APP 8), patient record visibility at reception, and screen privacy controls.

Section 3 — Patient Access, Correction & Records Management (6 items)
Procedures for patient access requests, correction requests, and record transfer requests. Minimum retention periods under state and territory health records legislation, secure destruction procedures, and encrypted digital and locked paper record storage.

Section 4 — Notifiable Data Breaches Scheme (6 items)
Documented Data Breach Response Plan, staff training on what constitutes a breach and how to report it, OAIC notification process and 30-day timeframe, Data Breach Register, cyber insurance review, and assessment of any breaches in the past 12 months.

Section 5 — Cybersecurity & Digital Data Protection (9 items)
Strong unique passwords and documented password policy, multi-factor authentication (MFA) for practice management software and email, daily encrypted backup with off-site or cloud storage, software security patches, antivirus and endpoint protection, staff cybersecurity awareness training, access revocation on staff departure, segregated guest Wi-Fi, and acceptable use policy.

Section 6 — Complaints & Ongoing Compliance (4 items)
Documented privacy complaints process, complaints register, staff training on responding to privacy concerns, and OAIC adverse findings review.

Annual Sign-Off
Space for the completing team member's name, signature, position, and date — creating a formal annual compliance record.