
Privacy programme governance

Privacy programme governance enables an agency to set its programme direction and manage its operations to achieve its intended outcomes.

Purpose

The purpose of a privacy programme extends beyond compliance with the Privacy Act’s Information Privacy Principles. A privacy programme should also consider an agency’s wider obligations and build trust with the individuals whose personal information it collects and holds.

The main scope of a privacy programme is the set of activities that manage the full lifecycle of personal information, from collection to deletion.

Understanding stakeholder expectations and the wider context in which an agency operates is important to governing a privacy programme effectively.

Good governance requires:

  • clear purpose for the privacy programme
  • defined roles and responsibilities
  • accountability
  • transparency
  • risk management
  • reporting, monitoring and assurance
  • continuous improvement.

Privacy programme goals

The goals of a privacy programme (at a minimum) are to:

  • ensure compliance with all applicable laws
  • promote trust and confidence
  • enhance the agency’s reputation
  • facilitate privacy programme awareness of staff, customers, clients, partners and service providers
  • reduce the risk of privacy breaches
  • enable effective response to privacy breaches
  • ensure regular monitoring, maintenance and improvement of the privacy programme.

Privacy governance components

A good privacy programme should include the following 4 documents, each of which should be regularly reviewed and updated.

Privacy mission statement

Privacy strategy

Privacy policy

Privacy statement or notice
