Privacy program

Privacy Governance Framework - Privacy program Image

A privacy program provides a structured system to enable your organisation to comply with privacy regulatory requirements and ensure a transparent and open governance approach whatever the business practice or technology involved. Processes, procedures and policies need to be tailored to the individual functions and activities an organisation undertakes and should be reviewed periodically.

The foundation stone of the privacy program is the Privacy Management Plan, in which each public sector agency describes the strategic plan and measures it proposes to take to ensure that it complies with the PPIP Act, including the requirements under the MNDB Scheme, and the HRIP Act. Each NSW public sector agency must have a Privacy Management Plan and provide a copy to the NSW Privacy Commissioner. It should also be made publicly available on the agency’s website and made available in other ways on request.

The privacy program enables each agency to manage multiple privacy priorities and projects including privacy-led initiatives, projects involving technology system changes or implementation of new technologies that store or use personal and/or health information.

The benefits of a privacy program include:

  • Systematic approach to privacy projects, initiatives and priorities.
  • Proactively managing personal information and improving personal information lifecycle management from collection to disposal throughout the agency.
  • Implementing privacy-by-design, through Privacy Impact Assessments (PIAs) to ensure that privacy impacts are built into projects, proposed system changes, or new technologies including artificial intelligence (AI), that use and/or store personal information. PIAs should be reviewed and updated when material changes occur.
  • Communicating material changes to policies, procedures and practices to employees and relevant stakeholders.
  • Reducing risks of regulatory breach through the systemic and proactive approach implemented by the agency to comply with the PPIP Act and the HRIP Act.
  • Reducing the risk of data breach by implementing the measures and systems required under the MNDB Scheme.
  • Continual monitoring of the privacy program and its components.
  • Evaluating and reporting on privacy performance within the agency as part of the agency’s overall risk management, see the Evaluation, auditing and reporting section. 

Read nextPrivacy program - Checklist

Download the Framework and Guide