Evaluation, internal and external oversight

Evaluation, auditing and reporting

Agencies should ensure that there are adequate processes in place to track and measure privacy performance. The identifiable privacy performance measures should then be reported to the agency leadership in accordance with the agency’s risk management processes. Auditing and risk functions should ensure that privacy is part of the audit process within the agency, ensuring that its policies and processes are regularly reviewed, up to date, and fit for purpose. Additionally, agencies need to ensure they comply with regulatory oversight and NSW Government accountability mechanisms.

Agencies should have metrics and processes in place to collect data to track privacy management and the maturity of their privacy program over time. This can help support business cases for additional resourcing, demonstrate improved privacy maturity and/or show areas of weakness and opportunity. Importantly, it can also assist in building the overall operational resiliency of the agency.
