Privacy commissioner releases guide for managing risks while transitioning to cloud

By Shannon Jenkins

May 6, 2021

(Image: Adobe/Nmedia)

The New South Wales Information and Privacy Commission has launched a new guide that state public servants can use to manage privacy risks while their agencies increasingly adopt cloud-based technologies.

The state government’s ICT strategy has set a target of having all government agencies using a public cloud for a minimum of 25% of their ICT services by 2023.

The new guide, released on Wednesday aims to help staff from all levels of an agency adopt sound privacy practices during the entire cloud adoption lifecycle.

The resource explains key privacy risks of using cloud-based technologies, such as the unauthorised use of cloud services by government employees, and poor security arrangements by cloud providers. Potential impacts are also addressed, including harm to individuals and damage to the government’s reputation.

The guide offers a framework and checklist for the management of privacy risks, which are underpinned by the elements of strategy, policies, data, architecture, vendor, operations, assurance, training and awareness, and governance.

In the case of training and awareness, for example, the guide outlines key messages that target specific roles, ranging from procurement and contract management personnel to ICT professionals.

READ MORE: NSW government agencies to be using public cloud for at least 25% of ICT services by 2023

NSW privacy commissioner Samantha Gavel said it would be critical for agencies to manage the evolving risks that come with new ways of collecting, using, storing and transferring the personal information of the public.

“Being a part of the digital evolution of New South Wales and making the most of data assets requires the adoption of reliable and repeatable risk management and decision-making processes,” she said.

“I encourage agencies to build this guidance into their digital transformation agenda.”

The guide has been launched as part of Privacy Awareness Week.

Meanwhile, the Office of the Australian Information Commissioner has also developed a number of new resources to recognise Privacy Awareness Week, including:

READ MORE: New resource helps agencies know when to conduct privacy-impact assessments


About the author
Inline Feedbacks
View all comments
The Mandarin Premium

Insights & analysis that matter to you

Subscribe for only $5 a week


Get Premium Today