The government agency that holds statistical and personal information on nearly every Australian is looking to up its privacy game, seeking a panel of suppliers to provide expertise in, and services around, privacy.
The Australian Bureau of Statistics (ABS) has published a Request for Tender (RFT), calling for submissions from external parties to help it with Privacy Impact Assessments (PIAs), non-legal privacy advice, and privacy-related training, among other things.
The ABS is seeking to enter into a deed of standing for an initial period of three years, with options to extend the panel for another two years in 12-month blocks.
All other Australian government entities may access any deed of standing offer resulting from the RFT.
In particular, the categories of service flagged by the ABS as required to support the work it does, includes help with conducting PIAs, specifically around the identification of the personal information flows in projects and activities.
Successful panellists will be required to help the ABS with legislative and regulatory compliance obligations; the identification of risk areas and assistance with removing, minimising, or mitigating any privacy risks; assuring that the ABS addresses the concerns of privacy regulators and the greater community; and the production of a draft PIA and final documentation, including monitoring of the implementation of the PIA document.
For projects, the ABS is seeking non-legal privacy advice, including help with the identification and analysis of the "possible positive or negative impacts on an individual's privacy resulting from projects and activities including development of legislation, surveys and other statistical activities".
It also wants a vendor to provide non-legal advice on proposed documents and processes for complying with requirements under the Privacy Act 1988 and Australian Privacy Principles.
The ABS is also seeking privacy advice in relation to other Australian privacy legislation, including the Notifiable Data Breach scheme, which requires all agencies and organisations in Australia that are covered by the Privacy Act to notify individuals whose personal information is involved in a data breach that is likely to result in "serious harm", as soon as practicable after becoming aware of a breach.
The RFT also states the ABS wants a vendor to provide independent assurance of data security approaches, including around social licence for data use. Specifically, it wants the production of public assurance statements on the handling of personal information and management of privacy for "identified and proposed activities".
Submissions to be included on the ABS' Privacy Services Panel close on November 26, 2018.
After the confluence of failure that was the 2016 Census at the hands of IBM, the Australian Bureau of Statistics has again turned to the market to help it deliver the next one 'successfully'.
Given a go-live date from Prime Minister Malcolm Turnbull of around four weeks, the Australian Bureau of Statistics turned to AWS to run the online and call centre components of the same-sex marriage survey in the public cloud.
Lawyers, accountants, and management types are the most likely to click on phishing links, according to the Notifiable Data Breaches report for July to September.
The California-based storage and data management company said it's important for organisations to draw distinctions between security and privacy, as one won't protect against the other, especially in a courtroom.
Human rights advocates have called on the Australian government to protect the rights of all in an era of change, saying tech should serve humanity, not exclude the most vulnerable members of society.