Event Recap: Privacy governance public forum
On 16 May 2019, as part of Privacy Awareness Week 2019, OVIC hosted a public forum which looked at privacy governance. The forum explored what good privacy governance means in the context of public sector organisations of different sizes and sectors, and how good privacy governance can be achieved at all levels of an organisation.
OVIC was pleased to welcome three expert guest speakers, who provided brief presentations on what privacy governance looks like in their organisations:
- Marko Jovanovic – Group Manager – Privacy and Data Governance for the Australia Post Group
- Megan Fincher – Manager, Information Privacy at the Department of Justice and Community Safety
- Cameron Montgomery – Executive Manager Safety, Risk and Compliance Services at the City of Ballarat
Federal, state and local – privacy governance in different contexts
Australia Post
In his presentation, Marko underlined that a fundamental part of privacy governance at Australia Post is trust – trust from consumers that Australia Post will use their personal information appropriately.
Speaking to Australia Post’s Digital iD service, Marko discussed the importance of adopting a privacy by design approach to embed privacy considerations at an early stage of projects and throughout – ensuring that privacy by design is iterative and ongoing. For Digital iD, this included stakeholder consultation to ensure that the final product is one that will be used and trusted.
Department of Justice and Community Safety
While privacy governance ultimately rests with the executive, Megan discussed how the Department has built a network of privacy-focused staff to embed privacy governance across the whole organisation.
Megan outlined that the Department has privacy coordinators and contact officers, who are ground level staff responsible for privacy compliance and who have privacy KPIs built into their professional development. These staff are selected for the role based on their knowledge of the relevant business unit and their ability to identify potential privacy risks based on that subject matter expertise. To help support staff, Megan outlined that the Department has a tool kit for privacy coordinators and contact officers, which includes resources, tip sheets and various templates.
City of Ballarat
Cameron commented that local government is interesting from a privacy perspective due to its many touch points with the community and the number of volunteers it has. As such, it’s imperative that everyone in the organisation understands privacy impacts and how to manage personal information.
Cameron discussed the importance of starting at the top and having the executive set a vision for the organisation’s privacy goals and set a privacy framework. From there, organisations should look to build a network of staff with responsibility for privacy, communicate those privacy responsibilities to the whole organisation, and make privacy business as usual.
Exploring privacy governance further – the panel discussion
Following the presentations, Marko, Megan and Cameron participated in a panel discussion chaired by Information Commissioner, Sven Bluemmel, which explored privacy governance further. Panel members discussed topics such as privacy impact assessments, privacy champions, de-identified data, and managing an organisation’s privacy obligations when contracting with third parties.
Thank you to our guest speakers and everyone who attended the public forum on the day or watched the live stream.
If you weren’t able to attend, or wish to watch the forum again, a recording of the event is available on OVIC’s Periscope channel.