Privacy Impact Assessment Register
ASIC has prepared the following Privacy Impact Assessment (PIA) Register in accordance with section 15 of the Australian Government Agencies Privacy Code (the Privacy Code). Under the Privacy Code, all agencies, including ASIC, must conduct a PIA for all projects that significantly impact the way they handle personal information.
The PIA Register below sets out the PIAs ASIC has completed since 1 July 2018. The PIA register will be updated from time to time as new PIAs are completed.
|
Title of PIA |
Project description |
Date completed |
|---|---|---|
| RegistryConnect – modernisation of Banned & Disqualified Registers | Privacy Impact Assessment about the RegistryConnect Program, modernising the storage and search functionality for ASIC’s Banned & Disqualified Registers. | 17 June 2026 |
| Unclaimed Moneys Team call solution migration to Amazon Web Services Connect | Privacy Impact Assessment about the migration of the Unclaimed Moneys Team call solution to the Amazon Web Services Connect Connect system. | 20 May 2026 |
| Mobile Investigations Platform | Privacy Impact Assessment about the privacy impacts of a pilot considering the replacement of ASIC’s existing primary mobile investigative platform. | 13 March 2026 |
| MFA update to improve device security | Privacy Impact Assessment about Implementing Multi-factor authentication for authenticating users of systems that is phishing-resistant. | 13 March 2026 |
| Publication of Internal Dispute Resolution Data | Privacy Impact Assessment about the publication of Internal Dispute Resolution data interactive dashboard. | 10 March 2026 |
| RegistryConnect – Search modernisation | Privacy Impact Assessment about the RegistryConnect Program modernisation project to modernise search functionality within ASIC’s companies and professional registers. | 13 February 2026 |
| CASIY AI Simulator use for Learning & Development | Privacy Impact Assessment about the use of an AI-powered role-playing tool for learners to practice skills. | 13 February 2026 |
| Inquiry into Australian Securities Exchange | Privacy Impact Assessment about ASIC's Inquiry into Australian Securities Exchange group in June 2025. | 19 December 2025 |
| Deployment of AWS Textract | Privacy Impact Assessment about using Amazon Textract to improve the efficiency of reviewing free text documents of interest, including those containing complex forms, tables or handwriting. | 17 December 2025 |
| Disclosure reporting system | Privacy Impact Assessment about implementation of new internal disclosure reporting system. | 12 November 2025 |
| Advoc8 | Privacy Impact Assessment about ASIC’s use of the Advoc8 platform, a full-suite technology platform designed for public affairs and government relations professionals. | 17 August 2025 |
| Enforcement and Compliance use of AWS Translate | Privacy Impact Assessment for Enforcement & Compliance about the use of Amazon Translate. | 1 August 2025 |
| Digital Asset Tracing | Privacy Impact Assessment about the use of Digital Asset Tracing. | 28 July 2025 |
| Officeholder linkage | Privacy Impact Assessment about the matching of Director ID data with data about company officeholders for regulatory purposes. | 23 July 2025 |
| Markets use of AWS Transcribe | Privacy Impact Assessment about the use of AWS Transcribe by Market Integrity. | 12 June 2025 |
| Event registration platform procurement – ASIC events | Privacy Impact Assessment about utilising EventsAir is to manage the registration of internal and external participants, attending these events. | 9 May 2025 |
| RegistryConnect - Telephony | Privacy Impact Assessment for the Registry Connect telephony solution. | 6 May 2025 |
| Aurion Payroll & Core HR System Replacement | Privacy Impact Assessment about replacing ASIC’s payroll and core HR system with a modern and Government standardised human resource (HR) program. | 25 February 2025 |
| Letters to E&C | Privacy Impact Assessment for about an Enforcement and Compliance internal culture project. | 20 February 2025 |
| Implementation of TechnologyOne | Privacy Impact Assessment about replacing ASIC’s financial systems with TechnologyOne. | 17 January 2025 |
| Regulation and Supervision use of AWS Transcribe | Privacy Impact Assessment about the use of AWS Transcribe. | 14 November 2024 |
| Regulatory Data Repository Modernisation Project | Privacy Impact Assessment about analysing the privacy risks associated with ASIC's Regulatory Data Repository Modernisation Program. | 8 November 2024 |
| Machinery of government changes for the return of Registry to ASIC | Privacy Impact Assessment about Machinery of Government changes. | 5 November 2024 |
| Multi-Factor Authentication (MFA) for Regulatory Portal | Privacy Impact Assessment about implementing multi-factor authentication for the Regulatory Portal. | 23 August 2024 |
| Foundational PIA for use of Artificial Intelligence and Large Language Models | Privacy Impact Assessment for CDAO sandbox testing environment for LLMs. | 22 August 2024 |
| Closed-circuit television (CCTV) and electronic access control system (EACS) Update | Privacy Impact Assessment about replacing ASIC’s existing CCTV and EACS systems with another similar system. | 20 August 2024 |
| External Printing Services 2024 | Privacy Impact Assessment about Registry Operations external printing services. | 14 August 2024 |
| Australian Financial Services License Project | Privacy Impact Assessment about the digital experience for AFS Licensees and processes for applying for and managing their licences. | 8 August 2024 |
| Digital Services Platform Project | Privacy Impact Assessment about the implementation and setup of the Outsystems product in ASIC’s Amazon Web Services environment. | 12 July 2024 |
| Lite Review | Privacy impact Assessment about using natural language processing. | 27 June 2024 |
| Source Acquisition - Ingest AFSA data via API feed | Privacy Impact Assessment about ingesting Australian Financial Security Authority data via API feed. | 17 June 2024 |
| Identity Governance and Administration | Privacy Impact Assessment about replacing ASIC’s legacy identity system to deliver an automated, integrated and secure identity lifecycle and access management platform. | 5 June 2024 |
| Compensation Scheme of Last Resort Operator notifications project | Privacy Impact Assessment about how ASIC, through Misconduct & Breach Reporting, will receive, store, register and use specified notifications. | 18 April 2024 |
| Integration of ASIC Mainframe Registers data into the Enterprise Data Platform | Privacy Impact Assessment about using Processing Data through the ASIC Enterprise Data Platform in ASIC’s Amazon Web Services tenancy | 17 April 2024 |
| Conflict of Interest – Disclosures | Privacy Impact Assessment about the operating effectiveness of ASIC’s Conflicts of Interest Policy with regards to disclosures of interest. | 11 April 2024 |
| Conflict of Interest – Trading | Privacy Impact Assessment about monitoring of trading non-disclosures within ASIC. | 11 April 2024 |
| Updating the Report of Misconduct Form | Privacy Impact Assessment about updating the Report of Misconduct form. | 26 February 2024 |
| Event registration system procurement | Privacy Impact Assessment about Eventbrite, an event registration site is to manage the registration of external participants. | 26 February 2024 |
| CRM Data Lake Project | Privacy Impact Assessment about setting up a direct connection between ASIC CRM Online and ASIC’s Enterprise Data Platform – also known as Data Lake. | 22 February 2024 |
| ASIC Enterprise Data Platform | Privacy Impact Assessment about the Enterprise Data Platform which integrates with ASIC's data governance platform and with a range of other data transfer, data management and analytics tools. | 15 December 2023 |
| Expense8 Implementation | Privacy Impact Assessment about procuring Expense8 as a Whole of Australian Government Travel and Expense Management tool. | 22 September 2023 |
| Cyber Resilience Survey | Privacy Impact assessment about facilitating the end-to-end delivery of the next iteration of the cyber resilience self-assessment questionnaire | 4 September 2023 |
| General Insurance Claims Handling Project | Privacy Impact Assessment about analysing data and claim files to understand consumer experiences and identify issues in home insurance claims. | 29 July 2023 |
| Scams Intelligence Forms | Privacy Impact Assessment about improving and streamline the way Misconduct and Breach Reporting handles scam reports of misconduct. | 14 July 2023 |
| Enforcement use of Amazon Web Services Transcribe | Privacy Impact Assessment about use Amazon Web Services Transcribe to aid in transcription of multimedia files (for example videos) that are of potential interest to Enforcement. | 22 June 2023 |
| Forensic Accounting Service - Demarq software | Privacy Impact Assessment about finding a new way to expediate the ability to analyse bank statements received from financial institutions in PDF form. | 6 February 2023 |
| Sine Visitor Management System | Implementation of an Electronic Visitor and Contract Management System for visitors and contractors to use to sign in when entering ASIC sites. Specifically, ASIC Sydney, ASIC Brisbane, ASIC Melbourne, ASIC Perth, ASIC Adelaide and ASIC Hobart offices. | 18 October 2022 |
| Implementation of Applicant Tracking System (Springboard) | Privacy Impact Assessment about the Talent Acquisition function, previously recruitment process outsourcing (RPO), and bringing the recruitment function inhouse. | 30 June 2022 |
| Speak up | Speak Up project involves the implementation of a two-way communication platform, where ASIC staff can anonymously raise a concern or make a confidential report about suspected wrongdoing. | 15 June 2022 |
| Registry transition | The Registry Transition project involves the transfer of staff and functional responsibility for the registers from ASIC to the Australian Business Register Service. In particular, operation of the Registry Business will be performed by the Registrar’s staff (on behalf of ASIC) under an ASIC delegation following a machinery of government change on 15 April 2021. | 31 May 2022 |
| Modernising Business Registers Program - Registry Transition | Privacy Impact Assessment involving the transfer of operational and functional responsibility for the In-scope Registers and the Registry Business from ASIC to the Registrar. | 23 December 2021 |
| Self-Managed Super Fund Auditors Campaign | Privacy Impact Assessment about contacting Auditors using Campaign Monitor for the purpose of executing our regulatory role. | 9 November 2021 |
| ASIC Director ID | Implementation and management of a unique Director Identification Number (Director ID) for eligible officers as part of the Modernising Business Registers Program. | 14 September 2021 |
| Management of leave balances audit | Privacy Impact Assessment about identifying challenges associated with the management of staff leave. | 10 September 2021 |
| Modernising Business Registers Program - ASIC Director ID | Privacy Impact Assessment involving the implementation and management of a unique Director Identification Number (Director ID) for eligible officers. | 3 September 2021 |
| Internal Dispute Resolution (IDR) Data | Implementation of a mandatory data reporting and publication framework for complaints received by financial firms. | 24 May 2021 |
| Windows Laptop Project | Privacy Impact Assessment about replacing the virtual desktop interface with a Windows Laptop. | 7 April 2021 |
| Employee Feedback Platform | Privacy Impact Assessment about Employee Feedback Platform which is a tool designed specifically for the collection and analysis of responses to human resources surveys. | 25 February 2021 |
| Invia Mobile Fleet Manager | Privacy Impact Assessment about using the Optus Mobile Fleet Manager product to inform ASIC IT Business Office and other IT forums of financial expenditures. | 23 December 2020 |
| Regtech Voice Analytics | Privacy Impact Assessment about a capability uplift initiative, aimed at building a unified methodology for ASIC to review audio files across formats for the purpose of its investigations and compliance review. | 14 October 2020 |
| Avaya Customer Call Centre Upgrade | Privacy Impact Assessment about upgrading the Customer Call Centre core infrastructure. | 28 August 2020 |
| Life Insurance Framework review Project | Privacy Impact assessment about how to determine whether life insurance commission caps should be further reduced. | 13 August 2020 |
| Alares IT Product | Privacy Impact Assessment about enabling ASIC to utilise an IT product that has been developed by an external service provider called Alares. | 13 August 2020 |
| ATO ASIC Data Fusion Program | Fusion of ASIC and ATO data to assist ATO in identifying phoenixing behaviour. | 29 June 2020 |
| Enterprise Data Hub and Data Lake | The project builds and develops the Data Lake and Enterprise Data Hub a new way of warehousing and analysing that data to build ASIC's data capability. | 11 June 2020 |
| WebEx for Examinations | As a result of COVID-19 restrictions, considering the adoption of WebEx audio and video conferencing for the purposes of examinations under s 19 of the Australian Securities and Investments Commission Act 2001 and s 256(1) of the National Consumer Credit Protection Act 2009. | 6 May 2020 |
| Single Touch Payroll | The project implements ASIC’s response to the statutory requirement for all employers to notify payments (such as salaries and wages), PAYG withholding and superannuation information to the ATO under Division 389 of Schedule 1 to the Taxation Administration Act 1953 – Reporting by employers. | 12 February 2019 |
| Iron Mountain Scan on Demand | This project aims to digitise archived physical files stored offsite when requested by ASIC staff, through services performed by an external provider. | 20 December 2018 |