In the midst of a global pandemic in an increasingly interconnected digital world, safeguarding personal information is more important than ever.
Phil Green, Privacy Commissioner from the Office of the Information Commissioner Queensland, shares his top tips to help your agency keep personal information safe—helping to build customer confidence and public trust. These tips also support recommendations from the Crime and Corruption Commissions’ recent report Operation Impala – A report into misuse of confidential information in the Queensland public sector.
- Build in privacy by design. Make privacy a priority within your agency by building it in from the start. Adopting a 'privacy by design' approach means designing your projects, products and services to minimise, manage or eliminate privacy risks. You should also embed good privacy practices into internal systems, decision-making and processes.
- Embed a privacy champion at a senior level. A strong leadership commitment to embed a privacy-aware work culture is paramount to making privacy a priority. Having a privacy champion at the senior executive level helps bring privacy to the fore and incorporates privacy by design into executive decision-making processes. Good privacy governance will help your agency manage both the risk of a privacy breach, and your response.
- Prioritise staff training. Agencies need to train all staff about right to information, information privacy and information security in their mandatory induction process. Training should be comprehensive, contemporary, tailored to the agency’s context, and even particular issues faced by workgroups.
- Conduct Privacy Impact Assessments (PIAs) and make them publicly available. PIAs identify how projects can impact on an individual’s personal information and recommend how to mitigate those identified risks. Building PIAs into taxpayer funded projects and initiatives can also help increase trust with the community.
- Reduce the risk of data breaches caused by human error. Human error is the cause of more than 1 in 3 data breaches. That includes emailing personal information to the wrong recipient, failing to BCC on group emails, and the unintended release or publication of personal information. Reduce the risk of a human error data breaches by educating staff and putting controls in place.
So, let’s make privacy a priority in the workplace. Keeping this top of mind will help build greater trust and transparency with Queenslanders in how we collect, use and store personal information and deliver services. Everyone in the workplace has a role to play when it comes to privacy.
For more information about privacy rights and responsibilities, visit the Office of the Information Commissioner's website.