The Information and Privacy Commission NSW has published a Privacy Self-Assessment Tool that can be used by organisations to self-assess the maturity of their privacy, information management and governance practices.
Strong leadership is key to establishing a culture of privacy protection in agencies. Executives who recognise the importance of good personal information handling in delivering services and building the trust of their clients, and actively encourage staff to embed privacy in their business processes, will make privacy core to the business and not just a compliance issue.
Agencies with a privacy positive culture:
* support and advocate a privacy positive culture as a priority from the Board and executive to all levels of the organisation
* have established, metrics-based privacy reporting processes
* support managers and staff by having strong governance structures that support reporting and managing privacy issues
* have data governance processes that address sensitive and high risk data
* promote privacy by design in all projects
* have on-going audit and monitoring processes in place
* provide training and support to ensure all staff are aware of their responsibilities and escalation processes
You can download the Privacy Self-assessment Tool at the IPC’s site here.