Govt agencies will soon need privacy officers

Australian government agencies will need to develop and measure their performance against a privacy management plan and appoint a dedicated privacy officer under new obligations due to take effect in July next year.

The Office of the Australian Information Commissioner's (OAIC) new Australian Government Agencies Privacy Code was registered last month.

The code lays out key steps all agencies covered by the Privacy Act must take to ensure a best practice approach to privacy governance.

Under the code, agencies will be required to draw up a privacy management plan that identifies specific, measurable privacy goals and targets and sets out how the agencies will meet their privacy obligations. These goals and targets must be subject to at least annual performance measurements.

In addition, agencies will at all times need to have at least one designated privacy officer that will act as the primary point of contact for advice on privacy matters within an agency.

The officer will also handle internal and external privacy inquiries, complaints and requests for access to personal information, maintain records of an agency's personal information holdings and liaise with the OAIC.

Agencies will also need to have a privacy champion tasked with promoting a culture of privacy within the agency and providing leadership on strategic privacy issues.

The code also stipulates that agencies must conduct a privacy impact assessment for all high privacy risk projects — any project that involves any new or changed ways of handling personal information that are likely to have a significant impact on the privacy of individuals.

Finally, the code requires agencies to include appropriate privacy education or training in any staff induction program it provides and to conduct regular reviews and updates of their internal privacy practices.

Image credit: ©iStockphoto.com/Brian Jackson

Follow us and share on Twitter and Facebook