If you work in government, you may have caught wind of the Australian Government Agencies Privacy Code, which is coming into force for government agencies on July 1st. So, is your agency prepared? Here’s everything you need to know about it to make sure you comply.
First of all, what is the Code?
From the OAIC’s website: The Australian Government Agencies Privacy Code (the Code) was registered on 27 October 2017 and commences on 1 July 2018. The Code sets out specific requirements and key practical steps that agencies must take as part of complying with Australian Privacy Principle 1.2 (APP 1.2).
In layman’s terms, it means that government agencies need to standardise privacy governance so that there’s a consistent, high-standard way of managing personal and sensitive information across all government agencies.
Why the need for the Australian Government Agencies Privacy Code?
The aim of the Code is to make sure that sensitive and personal information is handled with care by all government agencies.
Enforcing it will not only mean that there’ll be an inherent culture of respect for the value of privacy, but ultimately, it will help build public trust in how the government handles their information.
In other words, peace of mind – both for the government, in knowing that each individual’s privacy is being protected – and for the individual, who knows exactly how their data is being handled by each government agency.
How does the Code affect government agencies?
To comply, government agencies will have to adjust their processes, and even make a few hires! Agencies will need to:
- Have a privacy management plan
- Appoint Privacy Officer(s) and ensure that particular functions are undertaken by them
- Appoint a senior official as a Privacy Champion to:
  - Provide cultural leadership
  - Promote the value of personal information
  - Ensure the functions of a Champion are undertaken
- Keep registers of Privacy Impact Assessments (PIAs – more on those later) conducted, and publish a version of them on your websites
- Take steps to enhance internal privacy, including:
  - Providing appropriate education and training in staff induction programs
  - Providing annual training to all staff who have access to personal information
However, the Code is scalable and flexible – so it depends on the size of your agency, as well as the sensitivity and amount of personal information that the agency handles.
KYOCERA offers a service where we can help agencies become compliant – simply have your appointed privacy officer fill out this form and we’ll be in touch.
How does the Code affect the public?
To the public, the Code means they’ll have greater visibility about how their data is being used. It shows them you’ve thought about their privacy, through the publishing of Privacy Impact Assessments for every government project.
PIAs detail how each project will impact the privacy of individuals – containing recommendations for how to manage and mitigate any negative impacts. They will give the public a full picture from a privacy perspective, going beyond compliance into the broader privacy risks and implications, and showing the community that your agency has considered whether they’ll find it acceptable.
PIAs will facilitate greater transparency by describing how personal information flows in a project and analysing the possible impacts on an individual’s privacy, and they help achieve project goals while minimising the negative and enhancing the positive privacy impacts.
What does this mean for data security?
It’s ever more important to ensure that your processes are secure, because the way you secure sensitive data will be made transparent to the general public.
Some best practice tips are to:
- Keep up to date with security threats (like document security, phishing and ransomware)
- Have a centralised monitoring system
- Update all machines, networks and printers with the latest software
- Encrypt data and network traffic
- Control data access
- Create data protection policies – and enforce them
- Utilise DLP (Data Leakage Protection) systems for electronic and print documents
- Save clear guidelines on sharing data with partners and suppliers
- Dispose of electronic and paper waste properly (this is often overlooked)
Additionally, because of the Privacy Champion and Privacy Officer requirements, there will be greater levels of data security across the board, simply because more staff have been dedicated to the protection of personal data.
If you’d like help in becoming compliant with the Code, we’d be happy to give you a Privacy Impact Assessment – just fill out this form to register your interest.