Know your obligations
Ensure you understand your agency’s obligations under the Privacy Act and Australian Government Agencies Privacy Code and keep up to date with developments in privacy and changing legal obligations.
Anticipate how the Australian community expects you to handle their personal information and respond to their needs and concerns.
Update your plan
Use our resources to assess your privacy practices and set goals and targets. You must measure and document performance against your agency’s privacy management plan at least annually.
Assign privacy roles
Assign a member of your senior executive as your privacy champion to drive a strong privacy culture and have overall responsibility for privacy. Appoint privacy officers to be the first point of contact on privacy issues and coordinate activities to help your agency comply with the code.
Make sure staff know who your privacy champion and officers are and understand their responsibilities. You must also provide the contact details of your privacy officer to the OAIC.
Assess privacy risks
Assess privacy risks early. Undertake a privacy impact assessment for all high privacy risk projects. Make sure you record them on your published privacy impact assessment register.
Build in privacy by design
It’s more effective and efficient to manage privacy risks proactively. Design legislation, programs and services to eliminate, minimise or manage privacy risks. Ensure you build good privacy practices into internal systems and processes.
Secure personal information
Ensure secure systems are in place to protect personal information from misuse, loss and unauthorised access and disclosure.
Train your staff
Integrate privacy into staff training, conduct regular refreshers and ensure your whole team is aware of their privacy and security obligations. Make sure your staff also have all the information they need to protect their own privacy at work.
Prepare for data breaches
Have a clear and practical data breach response plan at hand so staff know what to do if there is a data breach. Treat all suspected data breaches seriously – it’s always best to be cautious.
Review your practices
Review your privacy practices and policy regularly. Make sure they meet community expectations, comply with the law, remain relevant and address any new risks.
Did you know?
Australian Government agencies have additional responsibilities under the Australian Government Agencies Privacy Code. The code requires agencies to take a best practice approach to privacy governance to help build a consistent, high standard of personal information management across all Australian Government agencies.
Become a PAW supporter
Becoming a PAW supporter gives your agency access to our supporter toolkit to help increase privacy awareness among your staff, community and stakeholders. It shows your commitment to good privacy practice and advancing the privacy rights of individuals.