The Office of the Australian Information Commissioner (OAIC) has released an updated privacy impact assessment (PIA) guide for public consultation following the Privacy Act changes which came into law today.
A PIA identifies the impact a project might have on the privacy of individuals, and sets out recommendations for managing, minimising or eliminating that impact.
Under the amended Act, Australian Privacy Commissioner Timothy Pilgrim will have the power to direct companies or government agencies to conduct PIAs.
- Cost of a Privacy Act breach could extend to ongoing audits: legal expert
- Some Australian businesses `unlikely’ to be ready for Privacy Act changes: survey
- New data privacy laws: What you need to do to comply
The <i>Guide to undertaking privacy impact assessments</i> provides companies and government agencies with a 10-step process for undertaking a PIA.
- Threshold assessment to see if a PIA is necessary
- Planning the PIA
- Describing the project
- Identifying the stakeholders
- Mapping information flows
- Privacy impact analysis and compliance check
- Privacy management – addressing risks
- Formulating recommendations
- Preparing the report
- After the PIA report – taking action to respond to recommendations raised by the report
Submissions can be sent to firstname.lastname@example.org. The deadline for replies is 28 March 2014.
Follow Hamish Barwick on Twitter: @HamishBarwick