by Shahida Sweeney

NSW government launches privacy governance framework

Nov 17, 2014

New South Wales Privacy Commissioner, Dr Elizabeth Coombs, has unveiled new guidelines that clarify steps to protect citizen data. These guidelines reinforce moves to protect personal information and comply with the state’s privacy guidelines.

Dr Coombs told an international Privacy@ Play conference in Sydney that an expanded Privacy Governance Framework requires departments and agencies to focus on “clever thinking” to protect personal information and comply with privacy laws.

This framework is supported by online tools and will build awareness at all levels of project planning and service delivery. An executive strategy is tailored to senior managers who want to build their reputation and branding.

“The key components of new guidelines focus on governance and leadership, planning and strategy, evaluation and reporting and managing complaints,” Dr Coombs said.

In a follow-up statement, Dr Coombs noted that a key consideration is to establish a privacy governance framework that addresses the information protection principles within NSW privacy legislation. “These ensure that operations correspond to this regime.”

New South Wales’ privacy governance framework moves the focus from a solely reactive compliance approach to a proactive privacy-by-design approach.

“As NSW public sector organisations increasingly respond to privacy matters raised by their customers, the Privacy Governance Framework will provide a ‘privacy by design’ approach to assist them to respond to these challenges,” Dr Coombs said.

The online tools provide access to resources and tools in one place, she said. These will enable agencies to quickly access the materials needed to manage personal information.

The new guidelines are not mandatory but consolidate the framework around New South Wales’ Privacy and Personal Information Protection Act (1998).

This law encompasses public sector agencies, statutory authorities, universities, NSW local councils, and other bodies whose accounts are subject to the Auditor General. A related Health Records Information Privacy Act (2002) covers privacy guidelines for health-related data.

Dynamic privacy management tools

The Privacy Governance Framework is a dynamic online privacy tool developed to help NSW public sector agencies manage privacy and to comply with the state’s privacy legislation.

This framework targets CEOs and senior executives while emphasising the need to be “privacy-aware” at all levels of the organisation, points of service or project planning and programme delivery.

Dr Coombs noted that senior executives need to be more conscious about managing personal information. Protecting this information, increasingly seen as an organisational asset, will contribute to agency success and reputation.

Allan Chiang, Privacy Commissioner for Personal Data, Hong Kong, told delegates that a new guide to governance helps senior executives take a privacy-focused approach to managing data assets.

“This is proactive rather than reactive. It moves beyond compliance solely, to using privacy to win an organisation’s trust with stakeholders including staff and customers,” Chiang said.

Glenn King, CEO of Service NSW, reinforced his support for new privacy guidelines. He noted that protecting personal information is a high priority.

“We have incorporated ‘privacy by design’ principles into our business processes and IT systems development,” he said.

“These ensure protecting the personal information of the more than seven million customers. Strong privacy governance is an asset that increases corporate effectiveness.”

A robust privacy governance framework is critical to building relationships with citizens and stakeholders. The focus is to set leadership goals and benchmarks, report on progress and streamline the complaints handling systems.

New South Wales privacy reforms are built around Information Protection Principles. These are built around ‘information life cycles.’

These cycles track agencies’ collection of personal information, as well as the processing, storage, sharing and disposal of data.

These principles are complemented by other checks such as codes of practice, managing privacy plans and a detailed handling of complaints.
