Office of the Australian Information Commissioner updates guidance

The Office of the Australian Information Commissioner has released a new Privacy Management Framework and a checklist to help organisations comply with the Australian Privacy Principles. The guidance outlines four ‘e’ steps to ensure good privacy governance:

  • embed leadership and governance arrangements to create a culture of privacy that values personal information
  • establish robust and effective privacy processes (e.g. training staff on their privacy obligations and developing a data breach response plan)
  • evaluate the adequacy and currency of the business’s existing privacy practices (e.g. by creating feedback channels for staff and customers), and
  • enhance (e.g. by commissioning an independent review to identify areas for improvement).

Among the tips on the checklist are:

  • always consider doing a privacy impact assessment when developing a project that involves new or changed personal information handling practices
  • collect only the information you need
  • make that information accessible internally on a needs-to-know basis, and
  • have a data breach response plan ready to go.

The new tools followed the release by the Australian Information Commissioner of a survey into the adequacy of the online privacy policies of 20 Australian and international organisations within the finance, retail, government and media sectors.

The policies were evaluated against the requirements of Australian Privacy Principle One (APP1), which requires entities to have a privacy policy that is clearly expressed and up-to-date. The Commissioner found that 55% of those surveyed did not meet one or more of the content requirements under APP1.

Links: Privacy management framework and Ten tips to protect your customers’ personal information