It’s Privacy Awareness Week! Privacy Awareness Week is an annual initiative of the Office of the Australian Information Commissioner (OAIC) that aims to help organisations, agencies and the general public navigate the privacy landscape and better understand how they can help protect personal information.
Sainty Law is a proud supporter of Privacy Awareness Week. The article below has been prepared to help your organisation understand five key things it needs to be aware of when taking its first steps towards privacy compliance.
- Understand your compliance obligations
The privacy compliance landscape is extensive, so it’s important to know exactly which legal obligations apply to your organisation. From federal legislation such as the Privacy Act 1988 (Cth) (Privacy Act) to state-based legislation such as NSW’s Privacy and Personal Information Protection Act 1998 (NSW), there are a number of privacy regimes which may apply to your organisation.
If your organisation operates across borders, it may also need to comply with other regimes such as the EU or UK General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA). These regimes are complex and continuously evolving. Understanding your privacy obligations, and how they interact with other legislation, is the first step in ensuring your organisation’s overall privacy compliance.
- Be transparent
- Nominate a Privacy Officer
If your organisation has extensive data flows, it may be worthwhile nominating a Privacy Officer. Some organisations, such as Australian Government agencies covered by the Privacy Act, are legally required to have one. Privacy Officers play a critical role in assessing privacy risks and ensuring that your organisation adheres to its legislative obligations. They effectively operate as the ‘point person’ for your organisation’s privacy compliance.
- Develop and implement internal policies and procedures
Privacy compliance can be daunting given the complex regulatory landscape. We recommend that organisations develop and implement a suite of privacy compliance policies and procedures. These will depend on your organisation’s unique needs and requirements, but are ultimately designed to ensure that the personal information your organisation handles is safeguarded and managed lawfully and ethically across its entire data lifecycle. For example, what will you do if your organisation experiences an actual or suspected data breach, or if a customer requests access to, correction of, or deletion of their personal information? We can help you develop a series of policies and procedures to address these questions and more.
- Ensure staff members are adequately trained
Privacy compliance needs to be embedded within an organisation, not simply championed by a Privacy Officer or documented in a series of policies. We recommend that entities dealing with large amounts of data ensure their staff are appropriately trained, so they know exactly how the organisation treats personal information. It is critical that staff members understand any policies the organisation adopts, the reasoning behind them and, importantly, how to act on them.
Sainty Law has significant experience in privacy law and can provide you with pragmatic solutions for privacy compliance. Get in touch with us today.