Legal Insights
How solid are your privacy foundations?
This week, Maddocks privacy specialists across all three offices will be bringing you a series of articles, podcasts, tips and more, inspired by the 2022 theme 'Privacy: The foundation of trust'.
This Privacy Awareness Week, we have been inspired by the OAIC’s campaign to check how well your privacy practices stack up. Your personal information is extremely valuable. It’s your identity, the foundations of who you are. Protect it. If you’re a business or government agency that’s been entrusted with personal information, it’s critical that you handle it with integrity and care.
In this article, Partner Sonia Sharma gives you her top tips for building solid privacy foundations as a private sector organisation.
I am passionate about helping organisations build strong foundations for managing privacy. It’s a huge responsibility to be trusted with personal information of your customers, staff and other stakeholders. Privacy needs to be actively managed, it’s a whole of business concern, it’s a Board issue and creating a privacy culture that enables privacy compliance has huge business benefits in the short and long term. We work with clients to create proactive privacy management frameworks to ensure the challenges of data breaches and the excitement of launching a new innovative product can be managed with confidence. Having those building blocks in place is critical. Here are my top tips private organisations should be asking to test their privacy foundations.
Australians want more protection
85%
have a clear understanding of why we should protect our personal information.
84%
believe personal information should not be used in a way that causes harm, loss or distress.
70%
see the protection of our personal information as a major concern.
84%
consider privacy extremely or very important when choosing a digital service.
87%
want more control and choice over the use of our personal information.
82%
believe children must be empowered to use online services, but their data privacy must be protected.
Your Privacy checklist – how strong are your foundations?
 | Is privacy and cybersecurity a Board concern? ASIC makes it clear, given the magnitude and prominence of privacy and cyber risk for most organisations, that informed oversight of risk involves the Board being satisfied privacy and cyber risks are adequately addressed by the risk management framework of the organisation. |
| Is your data breach response plan regularly reviewed and kept up to date for the latest market and regulatory developments such as the increased prevalence of ransomware attacks and new legislative obligations? |
| Do you have a privacy management plan to embed a culture of privacy, establish robust and effective privacy practice, implement procedures and systems, evaluate what you are doing and enhance your response? We are still seeing many private sector organisations operating without a clear privacy framework and plan. |
| Do you have appointed privacy and cyber champions within the business? These issues are a whole of business concern and not merely the responsibility of IT or legal! |
| Do you provide regular training and education which is ‘fit for purpose’ at all levels, from front line staff (such as phishing email campaigns) to the executive and the Board (e.g. running table top and hypothetical scenarios)? |
| How do you monitor and stay on top of the latest developments and trends? |
| When was the last time you conducted a data mapping exercise to understand the personal information you actually hold and how it is collected, used, disclosed and handled. Trust is critical but how can you manage risks if you don’t have a very clear picture of your organisations data flows. Many organisations still do not have a clear data map of the information they hold. |
About the author
Sonia Sharma, a published authority and privacy and data specialist with a strong and rapidly growing privacy and data practice. She also helps to chair the Maddocks national Privacy Network. Sonia is a recognised privacy expert and is listed as a ‘5 Star Cyber Lawyer’ by Australasian Lawyer and a Next Generation Partner by Legal500 in their Data Protection category.
Sonia has lead large scale privacy transformation projects for private sector clients, ASX listed entities and big name brands who trust Sonia with their privacy needs. She is known for leading large scale data breach response and conducting significant privacy impact assessment projects. She has worked collaboratively with clients to implement privacy governance, frameworks and policy and procedures. Sonia regularly presents to clients and Boards on privacy.
Need further information on data and privacy?
By Sonia Sharma
Keep up to date with our legal insights and events
Sign upRecent articles
Legal Insights
Reform to Australia’s merger clearance regime
By Ron Smooker, Shaun Temby, Jacqueline Picone, and Oliver Wahlstrom
A new mandatory, suspensory merger review system conducted by the ACCC comes into effect in Australia on 1 January 2026.
Legal Insights
What all Victorian Government personnel need to know about OVIC’s recent statement on ChatGPT
By Robert Gregory, Georgia Hunt, and Jack Curran
Generative AI, including ChatGPT is becoming common in all facets of personal, professional and public life.
Legal Insights
Important changes to the Workplace Injury Rehabilitation and Compensation Act 2013 concerning workers’ compensation in Victoria
By Catherine Dunlop, Jessica Mourney
From 31 March 2024, amendments to the Victorian workers’ compensation scheme took effect
Legal Insights
A step closer to mandatory climate-related disclosure
By Ron Smooker, Rosamond Sayer, Samantha Murphy, and Joseph Fox
The Treasurer introduced the Treasury Laws Amendment (Financial Market Infrastructure and Other Measures) Bill 2024.
Partner
Sydney