Protection of personal information reviews
With the imminent commencement of the Protection of Personal Information Act all companies will need to review the manner in which they process information, and in particular personal information, in order to comply with the provisions of the Act and other related legislation. In many entities the processing of information is unstructured, with little or any governance and management of the processing. For many entities the necessity of complying with the Protection of Personal Information Act will require a review of their current status, a vision of the status that they need to achieve to ensure compliance, and careful planning to make the changes necessary and implement appropriate technologies (or configurations of existing technology), the documentation of policy, procedures and standards and the development of training materials necessary to achieve the desired status.
To address these requirements and achieve the objectives necessary a multidisciplinary approach, with expertise in information governance, management and security as well as relevant legislation and protection of personal information know-how are minimum requirements.
Protection of personal information reviews may also be supplemented by Privacy Impact Assessments. These are intended to focus on specific information lifecycles, mapped against the Lawful Conditions of processing of personal information required in Chapter 3 of the Protection of Personal Information Act and other legislation or regulation which applies to the information being processed, assessing areas of non-compliance, determining the changes and control measures necessary to achieve compliance and the impact at technology, business and compliance levels that the necessary changes will have to the business conducted by the organisation.
Privacy Online consultants possesses the skills required to review the technology and process within an entity, recommend remedial and development interventions necessary to achieve the desired changes, and the education ability to transfer skills to identified people within the entity.