How solid are your privacy foundations?

By Sonia Sharma

• 02 May 2022 • 4 min read
This week, Maddocks privacy specialists across all three offices will be bringing you a series of articles, podcasts, tips and more, inspired by the 2022 theme 'Privacy: The foundation of trust'.

This Privacy Awareness Week, we have been inspired by the OAIC’s campaign to check how well your privacy practices stack up. Your personal information is extremely valuable. It’s your identity, the foundations of who you are. Protect it. If you’re a business or government agency that’s been entrusted with personal information, it’s critical that you handle it with integrity and care.

In this article, Partner Sonia Sharma gives you her top tips for building solid privacy foundations as a private sector organisation.

I am passionate about helping organisations build strong foundations for managing privacy. Being trusted with the personal information of your customers, staff and other stakeholders is a huge responsibility. Privacy needs to be actively managed: it is a whole-of-business concern and a Board issue, and creating a privacy culture that enables compliance has significant business benefits in both the short and the long term. We work with clients to create proactive privacy management frameworks so that the challenges of a data breach and the excitement of launching an innovative new product can both be managed with confidence. Having those building blocks in place is critical. Here are the top questions private sector organisations should be asking to test their privacy foundations.

Australians want more protection

Australians:

• have a clear understanding of why we should protect our personal information;
• believe personal information should not be used in a way that causes harm, loss or distress;
• see the protection of our personal information as a major concern;
• consider privacy extremely or very important when choosing a digital service;
• want more control and choice over the use of our personal information;
• believe children must be empowered to use online services, but their data privacy must be protected.

Your Privacy checklist – how strong are your foundations?

• Are privacy and cybersecurity a Board concern? ASIC has made clear that, given the magnitude and prominence of privacy and cyber risk for most organisations, informed oversight of risk requires the Board to be satisfied that privacy and cyber risks are adequately addressed by the organisation's risk management framework.
• Is your data breach response plan regularly reviewed and kept up to date with the latest market and regulatory developments, such as the increased prevalence of ransomware attacks and new legislative obligations?
• Do you have a privacy management plan to embed a culture of privacy, establish robust and effective privacy practice, implement procedures and systems, evaluate what you are doing and improve your response? We are still seeing many private sector organisations operating without a clear privacy framework and plan.
• Have you appointed privacy and cyber champions within the business? These issues are a whole-of-business concern, not merely the responsibility of IT or legal.
• Do you provide regular training and education that is fit for purpose at every level, from front-line staff (for example, simulated phishing email campaigns) to the executive and the Board (for example, tabletop exercises and hypothetical scenarios)?
• How do you monitor and stay on top of the latest developments and trends?
• When did you last conduct a data mapping exercise to understand the personal information you actually hold and how it is collected, used, disclosed and handled? Trust is critical, but you cannot manage risk without a clear picture of your organisation's data flows. Many organisations still do not have a clear data map of the information they hold.

About the author

Sonia Sharma is a published authority and privacy and data specialist with a strong and rapidly growing privacy and data practice. She also helps to chair the Maddocks national Privacy Network. Sonia is a recognised privacy expert and is listed as a ‘5 Star Cyber Lawyer’ by Australasian Lawyer and as a Next Generation Partner by Legal500 in its Data Protection category.

Sonia has led large-scale privacy transformation projects for private sector clients, ASX-listed entities and big-name brands who trust her with their privacy needs. She is known for leading large-scale data breach responses and for conducting significant privacy impact assessment projects. She has worked collaboratively with clients to implement privacy governance, frameworks, policies and procedures, and regularly presents to clients and Boards on privacy.
