The Office of the Australian Information Commissioner has released a new Privacy Management Framework and a checklist to help organisations comply with the Australian Privacy Principles. The guidance outlines four ‘e’ steps to ensure good privacy governance:
- embed leadership and governance arrangements to create a culture of privacy that values personal information
- establish robust and effective privacy processes (e.g. training staff on their privacy obligations and developing a data breach response plan)
- evaluate the adequacy and currency of the business’s existing privacy practices (e.g. by creating feedback channels for staff and customers), and
- enhance (e.g. by commissioning an independent review to identify areas for improvement).
Among the tips on the checklist are:
- always consider doing a privacy impact assessment when developing a project that involves new or changed personal information handling practices
- collect only the information you need
- make that information accessible internally on a need-to-know basis, and
- have a data breach response plan ready to go.
The new tools followed the Australian Information Commissioner's release of a survey into the adequacy of the online privacy policies of 20 Australian and international organisations within the finance, retail, government and media sectors.