New South Wales privacy commissioner Samantha Gavel has reminded government agencies to take a privacy-by-design approach when creating digital products and services.
Gavel launched Privacy Awareness Week alongside digital and customer service minister Victor Dominello on Monday, with the aim of improving understanding of NSW privacy legislation, and awareness of a person’s privacy rights and agency obligations.
“The community expects that NSW government agencies will protect their personal information appropriately and good privacy practice by agencies ensures that citizens can have trust in government services,” Gavel said in a statement.
“Agencies can make privacy a priority by implementing a privacy by design approach to digital projects and building good privacy practices into their decision-making, as well as the design and structure of their information systems, business processes, products and services.”
This year’s Privacy Awareness Week runs from May 3-9, with the theme Make Privacy a Priority. To mark the week, Gavel has released three privacy resources to help public sector agencies make privacy a priority, including a privacy-by-design fact sheet, a guide to privacy impact assessments, and an updated checklist to prevent data breaches.
A new guide for agencies on transitioning to the cloud and managing agencies’ privacy risks will also be released soon.
In NSW, any digital service or product “must be built on trust”, which means considering privacy, security, transparency and ethics, according to Dominello.
“Privacy is the hallmark of our democracy and something we must carefully guard,” he said.
“Our privacy-by-design approach has contributed to NSW being the most digitally advanced jurisdiction in Australia.”
The concept of privacy-by-design demands that agencies consider privacy at all stages of their initiatives, from the very beginning through to the development phase, and the implementation phase, according to the commission’s new fact sheet.
“Privacy by design ensures that good privacy practices are built into your organisation’s decision-making, as well as the design and structure of your information systems, business processes, products and services,” it said.
“By developing an organisation-wide awareness of privacy, a privacy by design approach shifts the focus to preventing privacy-related issues, rather than simply complying with privacy laws.”
Gavel has also encouraged members of the public to review their everyday privacy settings, and to contact state government agencies and local councils if they think their privacy has been breached.
“They can request the agency to conduct an internal privacy review. The privacy commissioner has an oversight role in relation to the internal review,” she said.
“The Information and Privacy Commission NSW can help citizens understand privacy laws in NSW and provide information on how to protect their personal information and assert their rights.”
People can also visit the Privacy Awareness Week NSW 2021 webpage to find resources that can help them better understand their rights under state privacy legislation.