Now that there is a Mandatory Notifiable Breach (MNB) obligation in place, organisations are getting serious about adhering to the Privacy Amendment Act of 2014.
Compliance begins with a thorough understanding of the reasons behind collecting and holding personal information (staff and client).
A mcr Privacy Impact Assessment helps to answer critical questions and streamline your information lifecycle management in line with the Australian Privacy Principles (APPs). We can help you analyse your business to identify risks, assess impact and develop strategies and actions plans around the APPs.
The purpose of the assessment is to determine the information lifecycle management (collection, use and disclosure, quality and security, access and correction) used in the provision of services.
- the kinds of personal information collected and held;
- how personal information is collected and held;
- the purpose for which the information is collected, held, used and disclosed;
- how an individual may access personal information about themselves (and how they can correct information);
- how an individual may complain about a breach and how such a complaint is dealt with;
- whether the information is likely to be disclosed to an overseas party; and
- if personal information is to be disclosed to overseas parties —the countries in which they are likely to be located.