Embed and support a privacy aware culture
Good privacy practice stems from good privacy governance. Embedding a culture that respects privacy helps an agency manage compliance and reduces the risk of privacy breaches.
To embed and support a culture of privacy that values personal information an agency should make a commitment to:
- publish Privacy Impact Assessment’s and privacy policies to improve trust and confidence through transparency. Read more about proactive disclosure and publication schemes, and Privacy Impact Assessments.
- assign key roles and responsibilities for privacy and data protection, including embedding a ‘privacy champion’ at a senior level and the management of privacy complaints, through clear and up-to-date privacy policies, breach response protocols and training. These support recommendations from the Crime and Corruption Commission’s Operation Impala report. Read more about the report and recommendations.
- adopt a ‘privacy by design’ approach by building privacy into programs and projects from inception through to implementation. Read more about building privacy into programs and projects.
- measure and report on privacy performance to drive continuous improvement in practices, procedures and systems. Read more on measuring implementation of Right to Information and Information Privacy.
- educate employees by integrating privacy and data protection training into induction and ongoing staff training programs, including the serious consequences for misuse of personal information. Find out more about information access and privacy training.
All public servants have a role to play when it comes to protecting personal information and data. When an agency fosters a privacy respectful culture it can build trust and confidence in their staff and the services they deliver to the community.