New privacy impact assessment resources
Privacy impact assessments (PIAs) are an important tool for all Victorian public sector organisations – they help to assess the privacy impacts of new projects, processes, systems and programs, identify potential privacy risks, and develop mitigation strategies to address those risks before the project or program commences. PIAs can also be used to check whether a project or program is likely to comply with relevant privacy laws.
PIAs are often seen as a compliance exercise, but the truth is they're about more than just checking boxes. PIAs are about improving organisational practice, demonstrating respect for individuals' privacy, and promoting privacy within an organisation. PIAs can also promote public trust and confidence in organisations – individuals are more likely to trust and engage with organisations that respect their personal information.
These are all great benefits of doing a PIA. But one of the most important reasons to do one is for the benefit of the individual whose personal information is being collected and used – PIAs are a good way to identify and mitigate not only the potential privacy risks to your organisation but, importantly, the risks to individuals as well.
To promote the idea that PIAs are more than compliance exercises, OVIC has updated its PIA template to encourage organisations to consider privacy and information management more broadly, beyond the requirements under the Information Privacy Principles of the Privacy and Data Protection Act 2014 (PDP Act).
OVIC has also developed an accompanying guide to assist individuals completing the PIA template. The guide provides guidance and considerations in relation to the questions contained in the template. Both resources are aimed at Victorian public sector organisations covered by the PDP Act; however, they may assist anyone undertaking a PIA.