‘Information privacy’, ‘data privacy’ or ‘personal information’ (PI) concerns information that identifies an individual, or that has the potential to identify an individual. PI is, therefore, valuable to your organisation and can be sensitive.
People – and the law – require PI to be respected and protected. But this can’t happen without information security and the ability to apply law to the physical and logical realities of information systems and architectures.
Public and private sector organisations in Australia must comply with laws regulating PI ‘processing’. This includes any operation performed on PI, by automated or other means, such as:
- collection, use and recording;
- organisation and structuring;
- storage, consultation or retrieval;
- adaptation or alteration;
- disclosure by transmission;
- dissemination or otherwise making available;
- alignment or combination; and
- restriction, erasure or destruction.
Almost every business processes PI. That PI is invariably transferred across numerous international boundaries, which makes privacy compliance an international matter requiring knowledge of laws in many jurisdictions. And, in the event of unauthorised access, disclosure or loss of PI, organisations must notify regulators and affected individuals.
At Sladen Legal, we believe privacy compliance and risk management should begin with the creation of a privacy strategy. This provides a clear framework for the implementation of information privacy compliance and risk management across your operations.
Our experience tells us this strategy is crucial to the successful delivery of a privacy framework, and to the subsequent program of work (or privacy plan) leading to operational efficiencies and business benefits.
We have a three-phase methodology:
- analysis and assessment;
- delivering your privacy strategy; and
- building and implementing your privacy program.
After the three-phase process, we assist you to:
- build your privacy team;
- assess risks and establish communication channels;
- design and implement (internal and external) operational controls;
- manage and enhance the controls (Plan-Do-Check-Act);
- demonstrate ongoing compliance and risk mitigation; and
- achieve continual improvement (maturity model).