Keeping personal information safe
The Queensland Government is committed to handling personal information in accordance with the privacy principles in the Information Privacy Act 2009 (IP Act). Individuals expect that their personal information will be handled sensitively and carefully by the government. Non-compliance with the privacy principles can cause reputational damage to an agency and economic loss if an agency is required to compensate an individual for damage suffered as a result of a privacy breach.
Advice
The IP Act is complex and the landscape for privacy compliance is constantly changing. I specialise exclusively in privacy law for Queensland government agencies. Non-compliance with privacy requirements can have significant impacts on individuals, the responsible agency and staff. I provide clear and practical advice to help your agency navigate the privacy issues arising from your everyday business needs.
Previous advice includes:
- Designing and updating privacy policies for agencies;
- Advising on the use of personal information in databases; and
- Designing procedures for the transfer of personal information overseas.
Privacy Breach and Complaint Management
A privacy breach occurs when an agency fails to comply with one of the privacy principles. All privacy breaches should be assessed to determine scope and seriousness. I can work with your team to immediately investigate the breach, assess the risks associated with the breach and outline appropriate action. Importantly, I will help your agency identify if the breach is a result of accidental human error or a systemic problem resulting from work practices and develop processes to prevent the breach occurring again. I will also assist in identifying whether it is necessary to notify the individual whose privacy may be affected by the breach.
Successful management of a privacy complaint can save a government agency significant resources. I will work with your agency and the complainant to investigate the complaint and attempt to find a resolution that is satisfactory for both parties.
Contracted Service Providers
It is becoming increasingly common for government agencies to contract with external entities to perform a function or provide a service on their behalf. However, if the external entity you are engaging is going to manage personal information of individuals on your agency’s behalf, your agency must take all reasonable steps to bind the entity to comply with the privacy principles under the Information Privacy Act. If your agency fails to do this, and there is a breach of privacy by the external entity, your agency will be held responsible.
I provide the following services to help agencies correctly work with and bind their service providers:
Training
I offer specific privacy training for service providers or entities wanting to become service providers to the government. The training gives an overview of the privacy obligations when working with government.
Contract Review
I review the contract between an agency and service provider to ensure it is sufficient to bind the service provider to comply with the privacy obligations.
Processes & Procedures
I work with an agency to create a documented process around information sharing between a service provider and agency, including when a service provider may need to transfer personal information overseas.
Audit
Privacy compliance is an important aspect of agency management. Privacy audits compare the practices and procedures of your agency with the Information Privacy Act 2009. The audit will highlight any issues in your agency’s privacy management and allow you to rectify them before privacy breaches or complaints occur.
We recommend you undertake an audit annually. Depending on the size of your agency, I can conduct the audit for the whole agency or an individual business unit where privacy management issues have been identified.
If you engage my services, the audit will be undertaken as follows:
Stage 1: Audit
I review the systems and processes used by your agency when handling personal information. I provide a report with the results of the audit and, if necessary, make recommendations for improvement.
Stage 2: Implementation
I work with you and your team to implement the recommendations from the report.
You can decide whether you wish to proceed to stage two, or stage two can be implemented internally within the agency.
Types of Training offered
Staff Training
I believe that training public servants on the privacy principles and their obligations when handling personal information is vital to ensure your agency’s compliance with the IP Act.
To assist government employees in understanding and complying with the privacy principles, I have created a 15-minute training video. These can be purchased via a yearly licence or individually per staff member.
Yearly Licence
Purchase a licence to use the videos for a year. Videos can be watched by agency employees an unlimited number of times and can be used in induction processes.
Individual Purchase
Videos can be individually purchased for staff. The videos must be streamed on the RTI Consultants website.