Media release: Audit of awareness of privacy obligations
Queensland’s Office of the Information Commissioner’s audit report on awareness of privacy obligations was tabled in Parliament today (12 February 2019).
This report presents our findings on how three government agencies educate and train their employees about their privacy obligations.
The report makes recommendations to all government agencies.
The Information Commissioner Rachael Rangihaeata said, “Agencies have an obligation to protect and respect the personal information they collect, use, store and share. All employees play a central role in meeting this obligation.”
People continue to cause or contribute to a substantial proportion of privacy breaches by organisations. These human errors can have serious consequences for the individual whose privacy the agency breached, the agency concerned and the employee.
One mitigation strategy agencies can adopt is to train and educate their employees about information privacy and information security obligations and expectations
“ The community expect government agencies to take reasonable steps to safeguard their personal information.”
“Ensuring government employees have appropriate education and training is critical, and a relatively simple risk management strategy for something that can have serious consequences for everyone involved.”, Ms Rangihaeata said.
Agencies need to:
- consider the privacy risks of their various functions and identify education and training as a risk mitigation strategy
- ensure training content is comprehensive, accurate and relevant to the context of the agency
- ensure training is mandated at induction and at regular intervals during the employee’s employment with the agency
- have systems and processes to enrol employees in the training module and identify and follow up employees who do not complete training within the prescribed period.
Media contact: Steve Haigh, Manager Training and Stakeholder Relations
Phone: (07) 3234 7373