Governance and leadership


Proactive governance leadership and management of personal information, health information and privacy will improve the overall information assets of your agency and build trust with your customers and users. Public and private sector organisations are increasingly scrutinised on their handling of privacy issues, information security and risks. It is therefore important to ensure that an effective privacy governance framework is in place in your agency.

An effective privacy governance framework benefits everyone and begins with leadership by the agency head. A framework helps to clarify each person’s role in privacy management and ensures that they are held to account. Once appropriate and adequate policies, processes, systems and reporting are in place, privacy management will integrate seamlessly into business-as-usual practices. This will help foster a culture of viewing privacy and personal information as an asset and not as a liability.

A privacy governance framework should be included in the agency’s Privacy Management Plan.

Roles and responsibilities

While the mix of roles and responsibilities will vary depending on an agency’s size and circumstances, effective privacy implementation includes the following key functions and roles:

  • Privacy Officers are responsible for developing privacy management plans and procedures, and for conducting internal reviews. They should be sufficiently expert to inform agency staff and members of the public of privacy issues.
  • Information Technology and Cybersecurity staff identify and monitor data privacy breaches.
  • Business Managers are responsible for considering privacy issues, implementing privacy policies and procedures and managing the handling of personal information across their business unit activities (projects, programs and service delivery).
  • Human Resources and/or the Training and Development function is responsible for inducting and training staff about the agency’s privacy policies and procedures.
  • Front line staff comply with the policies and procedures set out by their agency.
  • Governance and Legal functions are responsible for ensuring and managing legal compliance, reporting and providing advice about the agency’s privacy obligations and needs for flexibility.
  • Audit and Risk Committees identify and monitor agency learnings and ensure risk frameworks adequately consider privacy risk impacts.

For an agency to achieve a robust privacy program, collaboration is essential across staff with key roles and responsibilities for privacy, information security, records and other areas appropriate to that agency.
