This 1/2 day hands-on workshop helps participants understand how to prepare for and carry out a privacy impact assessment (PIA) in their own organisations.
A privacy impact assessment represents an innovative approach to managing the risks associated with privacy practices at an early stage of developing new products or services or making significant changes to business operations. This course covers the theory behind PIAs and offers participants practical experience in completing a PIA through the hands-on exercise.
The importance of PIA is recognised in Australia’s Privacy Act which gives the Australian Privacy Commissioner the power to direct government agencies to undertake a PIA. The Commissioner recommends that all organisations consider undertaking a PIA as part of their obligations to secure personal information and ensure compliance with their Privacy Act obligations. PIAs are also an important part of the Privacy Commissioner’s recommended Privacy Management Framework.
This workshop commences with an overview of relevant provisions of the Privacy Act 1988 (Cth). It then provides a general outline of the PIA process, before focusing on the following key stages of a PIA in detail:
- Project description: describe the project.
- Data Flow Mapping: describe and map the flows of personal information (internal and external to the organisation) and document relevant legislative and organisational rules.
- Privacy impact analysis: analyse impacts on privacy.
- Privacy management: consider alternative options that may improve privacy outcomes.
- Recommendations & Report: produce a final report that considers the next steps for eradicating or mitigating the privacy risks.
The class will finish with a workshop based on a real-life scenario, giving all attendees an opportunity to apply the theory in a practical environment.
This workshop includes the following:
- 3.5 hours of instructor-led tuition plus workshop
- 100% up-to-date material
- Comprehensive course notes including additional reference materials
- Template PIA Report
Topics covered include:
- Privacy Legislation (Commonwealth)
- Privacy Impact Assessments
- Data Flow Mapping
- Security Risk Assessments
- Case Study
This course is directed at information security professionals, as well as legal practitioners who are interested in privacy. It is also of relevance to risk managers, auditors, internal legal counsel and anyone interested in understanding and managing privacy risks.
The course will be delivered by Dr Jodie Siganto, PhD, CISSP. Jodie graduated as a lawyer and after 8 years in private practice took the position of in-house counsel for Tandem Computers followed by roles with Unisys Asia and Dell based in Singapore. She returned to Australia in 2000, establishing Bridge Point Communications (specialists in data networking and security) with two other colleagues. She is currently a director of IT Security Training Australia, an (ISC)2 educational affiliate, specializing in the delivery and development of both privacy and IT security related training courses around Australia. Jodie is also a partner in technology law firm Ringrose Siganto. Jodie has completed a PhD at QUT which examined the Privacy Commissioner’s exercise of powers in relation to NPP 4 (now APP 11) and the extent to which that is supportive of industry practice. Jodie is a regular speaker at industry events and a keen researcher participating in projects such as the mapping of some of the unique traits of information security practitioners in Australia and investigating the Australian cyber security skills shortage.