Guidance on privacy management

The following guidance documents have been developed to support government agencies to improve their capability in managing personal information. They will also help agencies meet the core expectations set by the GCPO for privacy management and governance in the State services.

Also available are:

Realising opportunities with personal information in a privacy friendly way:Personal information is being collected, used, analysed and shared in ever increasing quantities. This presents unprecedented opportunities to unlock the value of these information assets and realise opportunities for delivering more effective and efficient services to make a real difference for New Zealanders. Here are some steps to help you realise these opportunities in a privacy friendly way.
1. Getting started: First understand and profile your projected change to determine if it involves personal information. If personal information is involved, determine the opportunity you are trying to realise or the risk you are trying to manage. The Privacy Opportunity Wheel can help you do this. 
“Customers want quality services as much as they want their information protected. This is not about a tick box exercise, but a measured assessment of how to best balance protection and use. After all people generally only share their information to get a service.” – Deloitte Privacy Survey, 2015
(Arrow points to Privacy Opportunity Wheel)
2. Reaching out
Now discuss the following with your project manager or change leader:
- Getting the most value out of personal information; 
- Meeting your customers’ expectations on information;
- Understanding the legal and policy landscape; 
- Engaging with the privacy officer;
- Who the stakeholders are with regards to personal information.
3. Detailed design
With input obtained from across your agency, design the business changes your project will deliver from your customers’ perspective while at the same time ‘baking privacy in’. The Customer centric privacy tool helps you to do this.
(Arrow points to 'Customer Centric Privacy' table)
4. Implementation and after
Finally prior to go live / implementation, do the following:
- Check that the opportunities identified will be realised; 
- Gain confidence over what is being delivered and that any risks have been mitigated;
- Put in place a handover plan for when the change is operational.
For more information on this (and to see large scale images), please refer to the Government Chief Privacy Officer’s Realising opportunities with personal information booklet on https://psi.govt.nz/privacyleadership

The Office of the Privacy Commissioner also has valuable guidance and tools available, for example the Privacy Impact Assessment Toolkit and An A to Z of Approved Information Sharing Agreements (AISAs).

This page will be updated as new guidance becomes available.

Page last updated: 09/05/2016