NSW privacy framework offers support to public sector

The NSW privacy commissioner has launched the Privacy Governance Framework that outlines how the NSW public sector can embed good privacy practices within their organisation processes.

The New South Wales privacy commissioner has launched the Privacy Governance Framework, an online tool to provide support for the NSW public sector to ensure that personal information collected from the NSW community is protected and compliant with NSW privacy legislation, the Privacy and Personal Information Protection Act.

The Privacy Governance Framework (PDF), aimed at CEOs and senior executives, addresses five elements that it said will contribute to embedding "good" privacy practices within an organisation's processes. These five elements include setting leadership and governance, planning and strategy, program and service delivery, complaint incident management, and evaluation and report.

It also provides access to resources on how organisations can best manage information and risks associated with CCTV footage, ID scanning, and mobile apps, as well as protocol guidelines on how to handle privacy complaints.

NSW Privacy Commissioner Elizabeth Coombs said that the framework aims to demystify compliance with the NSW privacy requirements, and provides a "privacy by design" approach to assist public sector organisations to respond to increasing privacy matters raised by their customers.

"A clearer understanding of what is required when personal information is collected, used, disclosed, and disposed of will enable organisations to establish privacy management as an asset underpinning their corporate standing," she said.

The framework has been welcomed by authorities such as past High Court judge the Honourable Michael Kirby, who said that the initiative will "take privacy into the DNA of organisations".

Similarly, Service NSW CEO Glenn King also confirmed his support, stating: "Protection of personal information is a high priority for myself and all Service NSW employees. We have incorporated 'privacy by design' principles into our business processes and IT systems development, ensuring the protection of the personal information of the more than 7 million customers we have served. Strong privacy governance is an asset that increases corporate effectiveness."

During the annual summit of the International Association of Privacy Professionals ANZ (iappANZ) in Sydney on Monday, the Office of the Australian Information Commissioner (OAIC) released the government's Privacy Regulatory Action Policy , which explains the powers that are available to Privacy Commissioner Timothy Pilgrim, and formalises the approach he will take when using these powers.