Leadership

Leadership is 1 of 4 sections of the Privacy Maturity Assessment Framework (PMAF). There are 3 elements to assess in this section.

Before you start

It’s helpful to read:

To complete your agency’s self-assessment, download and use the 2 forms.

PMAF self-assessment forms

1. Effective oversight

Effective oversight for privacy practice through effective governance.

Guidance note

The success of an agency’s activities to build a privacy culture, develop privacy capability and implement its privacy programme requires governance and oversight by the senior leadership or executive team.

Ensuring that the privacy officer provides regular updates and is able to discuss the agency’s various privacy activities with the senior leadership or executive team increases the likelihood of a successful, appropriate and efficient implementation of these activities.

An agency will have existing oversight structures and practices. These will be the natural starting point for designing and implementing effective oversight of privacy activities and the monitoring processes that support and enable effective oversight.

Criteria 1: Privacy reporting

Criteria 2: Privacy and risk management

2. Delivery of objectives

Delivery of objectives through management structure, roles and responsibilities, and the capacity to achieve these objectives.

Guidance note

To achieve the agency’s privacy objectives, a privacy officer or team relies on the structure of other teams and accountabilities to get suitable visibility of the progress of the privacy work programme. This visibility helps privacy officers or teams to:

  • accurately report to senior leadership on the privacy work programme’s progress
  • know when to provide privacy advice, support and direction to teams.

Project teams, planners and resource managers need to understand what and how they contribute to these objectives and know that these objectives are linked to organisational priorities.

It is essential to have the right resourcing, both in number and capability, for the senior leadership or executive team to have confidence that privacy objectives will be met. For example, the number of planned privacy-related tasks or activities in a work programme needs to be sufficiently resourced for the work programme to be successful.

Criteria 1: Responsibility and accountability

Criteria 2: Resourcing

Criteria 3: Oversight and visibility

3. Confidence in organisational progress

Confidence in organisational progress through appropriate monitoring and assurance practices.

Guidance note

The integration of monitoring and assurance practices with the conduct of privacy activities is a key element of good practice for the same reasons that monitoring and assurance are used in any other areas of an agency’s business.

Criteria 1: Privacy and assurance
