OAIC releases privacy impact assessment guide for consultation

The Office of the Australian Information Commissioner (OAIC) has released an updated privacy impact assessment (PIA) guide for public consultation following the Privacy Act changes which came into law today.

A PIA identifies the impact a project might have on the privacy of individuals, and sets out recommendations for managing, minimising or eliminating that impact.

[

Learn how CIOs are redefining IT risk. | Sign up for CIO newsletters.

]

Under the amended Act, Australian Privacy Commissioner Timothy Pilgrim will have the power to direct companies or government agencies to conduct PIAs.

Cost of a Privacy Act breach could extend to ongoing audits: legal expert

Some Australian businesses `unlikely’ to be ready for Privacy Act changes: survey

New data privacy laws: What you need to do to comply

The lt;igt;Guide to undertaking privacy impact assessmentslt;/igt; provides companies and government agencies with a 10-step process for undertaking a PIA.

These include:

Threshold assessment to see if a PIA is necessary

Planning the PIA

Describing the project

Identifying the stakeholders

Mapping information flows

Privacy impact analysis and compliance check

Privacy management – addressing risks

Formulating recommendations

Preparing the report

After the PIA report – taking action to respond to recommendations raised by the report

Submissions can be sent to consultation@oaic.gov.au. The deadline for replies is 28 March 2014.

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow CIO Australia on Twitter and Like us on Facebook… Twitter: @CIO_Australia, Facebook: CIO Australia, or take part in the CIO conversation on LinkedIn: CIO Australia

Next read this

Top 7 challenges IT leaders will face in 2022