Governance and Strategy
IIS has strong experience in helping public and private sector organisations with overall privacy governance by developing a Privacy Management Framework (PMF) and/or Privacy Management Plan (PMP).
A PMF outlines the key elements that contribute to privacy compliance and good practice, including:
- Leadership and culture
- Policies, procedures and systems
- Monitor and review
- Improvements and changes
The Office of the Australian Information Commissioner expects organisations to take the steps outlined in the PMF in order to meet their ongoing compliance obligations under the Privacy Act 1998 (Cth).
A PMP is a document that sets out specific, measurable goals and targets that describe how an organisation will implement the elements identified in a PMF.
With the commencement of the Australian Government Agencies Privacy Code on 1 July 2018, all federal agencies are required to have a PMP. NSW government agencies are also required by section 33 of the Privacy and Personal Information Protection Act 1988 (NSW) (PPIPA) to develop PMPs to ensure compliance with PPIPA and the Health Records and Information Privacy Act 2002 (NSW).
IIS can also help build a privacy strategy that gives your public or private sector organisation the building blocks for trusted engagements with customers and citizens. A privacy and trust strategy provides a 'blueprint' for building trust and privacy from the beginning by:
- Identifying privacy and trust issues and opportunities
- Developing values that underpin decision making and communication strategies
- Building mechanisms for embedding a culture of privacy within the organisation
- Building mechanisms for embedding privacy by design into the development and implementation of ICT platforms and business processes
- Facilitating, where appropriate, public engagement to achieve transparency and trust