Media release: Follow-up audit of awareness of privacy obligations

Queensland’s Office of the Information Commissioner’s follow-up audit report on Awareness of privacy obligations has been tabled in Parliament on 23 March 2021.

This report details the progress three government agencies have made in implementing the recommendations of OIC’s 2018-19 audit. Our audits have helped agencies entrusted with personal information improve their practices to minimise the risk of harm to the community.

An inadvertent or deliberate disclosure of personal information can have serious consequences for the individual whose privacy has been breached, the agency concerned and the employee.

One risk mitigation strategy agencies can adopt is to train and educate their employees about information privacy and information security obligations and expectations.

Queensland Information Commissioner Rachael Rangihaeata said, “By implementing all recommendations, the agencies have improved the effectiveness of their training and education. This will help mitigate information privacy and security risk.”

The three agencies now mandate periodic refresher training and have set up systems and processes to monitor and report on completed training. They have also updated their training material to better reflect policies and procedures and include practical scenarios.

“Ensuring government employees have appropriate education and training is critical, and a relatively simple risk management strategy for agencies. Human error is still a key factor in privacy breaches and security risks that can have serious consequences for everyone involved,” Ms Rangihaeata said.

The Information Commissioner reminds other Queensland government agencies to assess their own progress in implementing the four recommendations to all agencies in the 2018-19 report, and take appropriate action to protect the community from harm.

Read the full report here

Media contact:
Steve Haigh, Manager Training and Stakeholder Relations