Guidance on privacy management
The following guidance documents have been developed to support government agencies to improve their capability in managing personal information. They will also help agencies meet the core expectations set by the GCPO for privacy management and governance in the State services.
- Learning from privacy incidents - This document is an introductory guide to privacy incident analysis. It gives simple and practical advice to help agencies put processes in place to identify the underlying causes of privacy incidents (whether breaches or near misses). Learning from privacy incidents and developing solutions to mitigate the risk of future ones will help to prevent future harm.
- Learning from privacy incidents - WORD (.docx) version (495KB)
- Learning from privacy incidents - PDF version (253KB)
- Reporting privacy breaches – this document provides a tool to identify and report, internally or externally, on the scale and severity of privacy breaches and near misses. It aims to give agencies a tool to identify and report on the scale and severity of privacy breaches and near misses.
- Reporting privacy breaches – WORD (.docx) version (491KB)
- Reporting privacy breaches – PDF version (393KB)
- Privacy risk and opportunity identification – this document assists privacy practitioners to integrate privacy risk management into the wider organisational risk framework, and effectively work and communicate with their agency’s risk team/staff.
- Privacy risk and opportunity identification - WORD version (447KB)
- Privacy risk and opportunity identification - PDF version (695KB)
- Information privacy principles: descriptions and examples of breaches of the IPPs – this document provides examples of breaches of all twelve of the Information Privacy Principles in the Privacy Act 1993. The purpose of this guidance is to provide privacy practitioners with a tool to broaden the discussion on privacy risks and breaches within their agencies to cover all the IPPs, not just security and disclosure issues.
- Information privacy principles: descriptions and examples of breaches of the IPPs - WORD version (624KB)
- Information privacy principles: descriptions and examples of breaches of the IPPs - PDF version (935KB)
- Realising opportunities with personal information – this document provides insights, tools and approaches for realising the value of the appropriate use of personal information. It aims to demonstrate how agencies can put the customer at the centre of the design process while protecting their privacy and personal information.
Also available are:
- Hand out including the Privacy Opportunity Wheel and the Customer Centric Privacy Tool
- One-pager for Realising opportunities with personal information
- Click on image below to download PDF version (807KB)
The Office of the Privacy Commissioner also has valuable guidance and tools available, for example the Privacy Impact Assessment Toolkit and An A to Z of Approved Information Sharing Agreements (AISAs).
This page will be updated as new guidance becomes available.