Privacy Commissioner launches online privacy tool for NSW public sector
The Privacy Commissioner has launched the Privacy Governance Framework, a dynamic online privacy tool designed for “whole of organisation” engagement with the management of personal information.
Believed to be the first of its kind in Australia, the Privacy Governance Framework has been created to help agencies to better understand privacy risks and opportunities, and to address their roles and responsibilities in relation to privacy management under the Privacy and Personal Information Protection Act 1998 (PPIP Act).
A key emphasis of the Privacy Governance Framework is that effective privacy implementation starts with leadership. Good privacy governance is a vital element in good customer service. Increasingly in the public and private sectors, managers are responding to privacy issues as part of usual administration or business practices. Capturing the benefits of good privacy practices is maximised by CEOs and senior executives setting the rules around the management of personal information.
Privacy governance provides the framework through which agencies can successfully manage the personal information for which they are custodians. The online framework includes elements relating to leadership, accountability and a privacy program through which privacy resources can be delivered and these elements should be embedded with existing risk management processes within agencies wherever possible.
The practical starting point is finding out what personal information is held, the purpose for which it is held and the associated risks. Then review your agency’s privacy strategy – does it allow you to use personal information to meet objectives, prevent damaging privacy breaches, offer trusted and engaging customer service and deliver effective government administration? Are you communicating with your service users on how you manage their personal information?
Effective privacy strategy draws on the range of ‘proactive’ privacy tools available including use of Privacy Management Plans, ‘Privacy by Design’ or Privacy Impact Assessments (PIAs), and is supported by a selection of useful resources developed by the IPC to assist your organisation to embed good privacy practices. It also builds a safety net for individuals for when things go wrong, including responsive handling of privacy complaints, data security breach plan and regular updates on progress to fix problems.