Privacy Impact Assessment Guide
August 2006
MODULE F
Privacy Management
The following are some examples of matters which agencies could take into account when considering actions or responses which might appropriately be taken in relation to any negative privacy impacts identified in the PIA.
- Balancing interests: provide an appropriate balance between the goals of the project, the interests of the agency and those of individuals who may be affected. Put yourself "in the shoes" of an individual whose personal information is affected by the project. How would ordinary individuals react?
- Minimum standards: ensure a minimum standard of privacy protection for individuals affected by the project (the IPPs may not apply in all circumstances or situations). Consider in particular situations where the project involves the transfer of personal information across public or private sectors, or across jurisdictions, including the adequacy of privacy protection and regulatory oversight.
- Proportionality: ensure that any privacy infringement is proportional to, or appropriately balanced with, any benefits gained from the infringement. What is the likelihood of achieving the benefits?
- Transparency and accountability: ensure that measures affecting privacy are transparent to individuals, through adequate notice and the availability of privacy policies, and that agencies are accountable for how they handle personal information, including through effective complaint-handling, audit and oversight.
- Flexibility: be sufficiently flexible to take account of the diversity of individuals affected by the project. Do some individuals have heightened sensitivities, for example, about the personal information involved in the project?
- Deliverable promises: ensure that privacy protections are followed through by including them in law or other binding obligations, and by building them into new technology.
- Privacy Enhancing Technology: carefully consider any available privacy enhancing technologies, as well as the impacts of implementing privacy invasive technologies.
- Review after implementation: Did the project meet its primary objectives? How will the project's privacy impacts be assessed: e.g. in an internal audit, an implementation assessment, an Australian National Audit Office or OPC audit, or scrutiny by a Parliamentary committee?