Privacy Awareness Week – Make privacy a priority
Privacy Awareness Week (PAW) will be held from 3-9 May 2021. IPAA Queensland asked Phil Green, Privacy Commissioner at the Office of the Information Commissioner Queensland, to share his thoughts and insights on the changing privacy landscape in the digital world.
What is the significance of Privacy Awareness Week?
PAW is an annual event celebrated across Asia-Pacific to promote greater privacy awareness and highlight the importance of protecting personal information. The theme for PAW 2021 is Make privacy a priority.
PAW is an important awareness raising event on the Office of the Information Commissioner’s (OIC’s) calendar. To celebrate PAW 2021, we have planned events and will release new resources to help agencies and the community make privacy a priority.
Our PAW launch event this year features a keynote presentation from Mr Alan MacSporran QC, Chairperson of the Crime and Corruption Commission. We are very excited to have Mr MacSporran share his expertise about government powers and practices to prevent misuse of personal information.
In the midst of the global COVID-19 pandemic, safeguarding personal information is more important than ever.
How does OIC support agencies when it comes to privacy rights and responsibilities?
We support agencies in a variety of ways. OIC’s statutory functions include assisting agencies to comply with their obligations under the Information Privacy Act 2009 to safeguard the personal information they hold.
We provide independent expert privacy advice and assistance to agencies on the privacy principles and their projects and programs. We encourage and promote agencies’ early engagement of privacy services and actively participate in working groups and specialist committees.
A comprehensive suite of resources is accessible on our website which includes guidelines, information sheets and tools. This is complemented by OIC’s dedicated enquiry service. We also offer targeted and tailored training on a range of privacy issues and topics, including free online training.
PAW’s 2021 theme is ‘Make privacy a priority’, what are the key areas agencies need to focus on in order to achieve this?
Increasingly the community expects greater transparency from government in the handling of their personal information. In 2020, 83% of Australians said they would like the government to do more to protect the privacy of their data. Handling the community’s personal information the right way – in a privacy-respectful way – builds trust and transparency with Queenslanders.
There are many simple steps agencies can take to make privacy a priority. Key focus areas should include:
- implementing a Privacy by Design approach and building good privacy practices into decision-making and new initiatives from inception to implementation and beyond,
- conducting Privacy Impact Assessment (PIAs) and making them publicly available,
- embedding a Privacy Champion at a senior level, and
- ensuring all employees receive initial and ongoing training about their information privacy and information security obligations and responsibilities.
The OIC’s latest audit of agencies made recommendations about staff training, how does training impact on a privacy-aware work culture?
All public servants and agencies need to understand their obligations under the Information Privacy Act 2009 (Queensland). Privacy is recognised as a human right in Queensland under the Human Rights Act 2019. There can be serious disciplinary and criminal consequences for privacy breaches, such as unauthorised access to personal information. The Queensland Crime and Corruption Commission (CCC) examined the issue of misuse of confidential information by public sector agencies, tabling its Operation Impala – A report into misuse of confidential information in the Queensland public sector (with 18 recommendations) in Parliament in February 2020.
An important risk mitigation strategy all agencies can take to better protect personal information and reduce harm to the community is to train and educate employees about information privacy and information security obligations and expectations. Training improves understanding of information access and privacy rights and responsibilities. Raising staff awareness of privacy obligations and responsibilities is a great foundation for building a privacy-aware work culture. The OIC made recommendations for all Queensland government agencies about training and awareness of privacy obligations in a 2018 audit.
Following OIC’s latest follow-up audit on awareness of privacy obligations, we published a new guideline, Achieving effective privacy and information security training, which draws on both the OIC’s work in auditing agencies and recommendations made by the CCC in the Operation Impala report. It outlines the key requirements necessary for an agency’s privacy and information security training to be as effective as possible.
Can you tell us about the network of Privacy Champions being set up across the public service?
Building a privacy-aware work culture requires effective leadership. This is supported by OIC’s compliance audits, reviews and surveys and the findings of the Crime and Corruption Commission’s recent Operation Impala report.
While employees at all levels have a role to play in building a privacy-aware culture, a Privacy Champion is a senior official appointed within an agency who is responsible for leadership activities and engagement that require broader strategic oversight.
To support Privacy Champions in this important role, OIC is seeking to establish a network of champions across Queensland government agencies. We’ll be hosting the initial meeting of nominated Privacy Champions from Queensland Government departments during PAW 2021, so they can discuss topical issues, challenges and opportunities. We’ll be encouraging similar smaller networks within different sectors such as HHSs and local government to form, with a view to also facilitating opportunities for broader sharing of experience and expertise.
A network of Privacy Champions offers a range of exciting possibilities to share, collaborate and innovate across Queensland government agencies. This will help strengthen privacy practices and seek solutions to complex privacy challenges posed by new and emerging technologies.
OIC’s Privacy Champion Policy is available on our website. This policy forms part of OIC’s long-standing commitment to building an effective privacy culture, including improving information privacy practices and taking proactive steps to embed Privacy by Design into agency functions, systems and processes.
What are the big developments on the horizon for privacy law reform and policy in Queensland?
A contemporary legislative privacy framework in Queensland is critical to being able to respond to changing community concerns over privacy and the government’s ability to protect their personal information. Existing and emerging technologies with advanced image, audio, tracking and analytical capabilities pose a serious threat to an individual’s privacy, and significant gaps remain in the current legal framework.
In an increasingly interconnected digital world, it is important that privacy legislation remains fit for purpose. Developments in artificial intelligence and technology will necessitate an increased need for stronger privacy and data security measures to be adopted and implemented.
The recent findings of the Australian Community Attitudes to Privacy Survey 2020 conducted by the Office of the Australian Information Commissioner demonstrate changing community expectations around handling of personal information. Meeting community expectations becomes critical for the community, businesses and governments in building trust.
A number of reviews and reports have recommended amendments to privacy law in Queensland. The Queensland Law Reform Commission’s Civil Surveillance and Privacy Review Report contains a draft bill which seeks to provide for an individual’s privacy to be protected from unjustified interference from the use, or the communication or publication of information obtained from the use, of surveillance devices.
The CCC’s Operation Impala report recommended amendments to Queensland’s privacy legislation, including the introduction of a mandatory data breach notification scheme. The Report on the Review of the Right to Information Act and Information Privacy Act 2009, tabled in Parliament in October 2017, also made recommendations to amend Queensland’s privacy legislation.
A strong legislative framework is required to ensure the challenges of an ever-evolving digital service and technology environment are met and public expectations about privacy are fulfilled.
About IPAA Queensland
IPAA Queensland advances the professionalism, capability and integrity of public administration and public purpose work and promotes pride in service.
If you’re a public servant or engaged in public purpose work, we encourage you to get to know and connect with IPAA Queensland. Find out more about us by reading more on our site or through joining as a member here.
Build connections. Challenge your thinking. Keep informed. It’s your IPAA.