Companies need a culture of privacy and risk management: NSW Privacy Commissioner

If you don’t know what information you have, there is no chance of managing it correctly, says Dr Elizabeth Coombs

More organisations in New South Wales need to establish a culture of privacy and risk management rather than ignoring the issue, according to NSW Privacy Commissioner Doctor Elizabeth Coombs.

Speaking at an International Association of Privacy Professionals Australia and New Zealand (iappANZ) seminar in Sydney, Coombs told delegates that some organisations she visits don’t see privacy as a high priority.

“Something I put to all organisations is the role of leadership when it comes to privacy, particularly of the CEO and senior management. If the CEO doesn't view it as an interest, rarely does that percolate down within an organisation,” she said.

Coombs said CEOs should be asking the following questions:

“Is privacy management included in the internal audit and risk program? Does the audit and risk committee get reports about privacy management?”

While Coombs conceded that people might see privacy management as one of the “driest subjects ever”, she pointed out that if organisations don’t know what information they have, there is “no chance” of managing it correctly.

Australian Privacy Commissioner Timothy Pilgrim agreed with Coombs’ comments.

“What we [the OAIC] are seeing is that a lot of organisations don’t have an adequate privacy governance structure in place. This raises questions. Where does the responsibility for privacy lie in an organisation? The answer to that is going to depend on the type of organisation and size,” he said.

“Some businesses may have an entire section devoted to dealing with privacy, compliance and governance whereas others will only have a single person.”

While the day-to-day responsibility for personal information and privacy may sit within various areas of the business, Pilgrim’s view is that responsibility for privacy governance sits with the CEO, executive, the board or management of any organisation.

He added that information is an asset to any business but needs to be protected through adequate cyber security measures and staff training on privacy.

Follow Hamish Barwick on Twitter: @HamishBarwick
