adaptbl is proud to be supporting the Office of the Australian Information Commissioner’s Privacy Awareness Week campaign for 2024. This year’s theme, power up your privacy, focuses on privacy and technology and the key principles of transparency, accountability and security.

We encourage all businesses and Government agencies to consider undertaking a privacy impact assessment (PIA) – being a systematic assessment of a project that identifies potential privacy impacts and recommendations to manage, minimise or eliminate them – for their technology projects, particularly projects involving significant volumes of sensitive personal information.

For Commonwealth Government agencies, conducting a PIA will help facilitate a privacy-by-design approach, reduce privacy risks associated with projects and ensure compliance with the Privacy (Australian Government Agencies — Governance) APP Code 2017 (Cth) (Code), which requires a PIA to be complete for all high privacy risk projects – that is, projects involving new or changed ways of handling personal information that are likely to have a significant impact on the privacy of individuals.

While non-government entities are not currently captured by the Code, in the Government Response to the Privacy Act Review Report the Government agreed-in-principle that non-government entities should also be required to conduct a PIA for activities with high privacy risks. Undertaking a PIA for new projects will help ensure non-government entities manage privacy risks appropriately, whilst also easing their transition to the proposed future legislative state.  

The use of personal information helps us to deliver better products or services, but where privacy risks are not managed appropriately, harm to individuals can be significant. With this in mind, we wanted finish with a couple of practical tips to help your organisation ‘power up your privacy’:

• set up multi-factor authentication wherever possible;

• require the use of long, unique passphrases, instead of a password;

• ensure staff double check recipient details and attachments are correct before sending emails;

• undertake PIAs and build them into the project planning phase, rather than being an afterthought; and

• be vigilant with respect to how your third-party suppliers manage their own privacy risks.

If your organisation needs assistance with a PIA, privacy training or general privacy advice, please reach out to our information law experts James Pratt (james.pratt@adaptbl.com.au or 0423 368 823) or Geoff Adams (geoff.adams@adaptbl.com.au or 0404 608 231) to discuss.