This 1/2 day hands-on workshop helps participants understand how to prepare for and carry out a privacy impact assessment (PIA) in their own organisations.
A privacy impact assessment represents an innovative approach to managing the risks associated with privacy practices at an early stage of developing new products or services or making significant changes to business operations. This course covers both the theory behind PIAs as well as offering participants practical experience in completing a PIA through the hands-on exercise.
The importance of PIA is recognised in Australia’s Privacy Act which gives the Australian Privacy Commissioner the power to direct government agencies to undertake a PIA. The Commissioner recommends that all organisations consider undertaking a PIA as part of their obligations to secure personal information and ensure compliance with their Privacy Act obligations. PIAs are also an important part of the Privacy Commissioner’s recommended Privacy Management Framework.
This workshop commences with an overview of relevant provisions of the Privacy Act 1988 (Cth). It then provides a general outline of the PIA process, before focusing on the following key stages of a PIA in detail:
Project description: describe the project
Data Flow Mapping: describe and map the flows of personal information (internally and external to the organisation) and document relevant legislative and organisational rules.
Privacy impact analysis: analyse impacts on privacy.
Privacy management: consider alternative options that may improve privacy outcomes.
Recommendations & Report: produce a final report that considers the next steps for eradicating or mitigating the privacy risks.
The class will finish with a workshop based on a real life scenario, giving all attendees an opportunity to apply the theory in a practical environment.