PRIS Act Foundations for the WA Public Sector

Who this is for

Get ready for the PRIS Act! This Kit is for Western Australian government agencies, local councils and public universities which need the fundamentals sorted ASAP, like a Privacy Policy, an Information Breach Policy and Information Breach Response Procedure, and template collection notices.  Plus it includes a checklist and survey tool to help identify and mitigate common privacy risks, plain language guidance on how to build your privacy management program, and expert guidance on managing more complex areas like automated decision-making systems.

What is included

• WA Template: Privacy Policy – see more below
• WA Template: Information Breach Response Procedure (and Policy) – see more below
• WA Template: Collection Notices and Consent Forms – see more below
• WA Template: Privacy Audit Survey tool – see more below
• Checklist: Common Privacy Risks and Controls
• eBook: Algorithms, AI, and Automated Decisions
• eBook: Demystifying De-Identification
• eBook: Big Data
• Briefing Paper: GDPR in a Nutshell
• eBook: The Privacy Management Handbook

How to use these resources

Start with The Privacy Management Handbook, which offers an introductory guide to what your agency needs to do, and explains how to use the other resources in your Kit.  This concise, 40-page guide covers:

• What a privacy management program should include
• First steps
• Managing risk
• Establishing processes
• When things go wrong
• Getting the message across
• Professional development, and
• Links to further resources.

Then use the included Templates, to quickly produce the foundational documents needed for your PRIS Act compliance program: a Privacy Policy, Information Breach Policy and Information Breach Response Plan, collection notices and consent forms.

Each Template has been designed specifically to reflect the PRIS Act obligations for WA public sector agencies.  Follow the instructions within the Word document to quickly create all the key artefacts needed to support privacy compliance in your agency.

Template Information Breach Response Procedure (including Information Breach Policy): The PRIS Act will require WA public sector agencies to report to the OIC, and to notify affected individuals, about certain types of data breaches.  Plus in some cases other laws will apply additional reporting or notification requirements.  This template document offers a ready-made procedure for your agency, which will streamline the process of responding to a data breach.  This Template Procedure:

• has a quick decision-tree guide for all staff
• defines for your staff what is an ‘information breach’, and who they need to report to if they suspect a breach has occurred
• offers guidance on how to establish a Breach Response Team
• sets out a four-step response procedure for the Privacy Officer and Breach Response Team to follow
• lists the factors to consider when assessing the ‘serious harm’ threshold test
• allows for triaging – i.e. different steps according to whether the breach is high / medium / low risk
• calls out the additional obligations under EU law if the European General Data Protection Regulation (GDPR) applies to you
• includes a template for both internal and external reporting
• includes a template notification letter for affected individuals, and
• explains the role of an Information Breach Response Procedure versus an Information Breach Policy, and how to develop your public-facing Policy out of your comprehensive internal-facing Procedure.

Template Privacy Policy: This template reflects the new WA IPPs.  You will still have to do some legwork to fill in the blanks, but this has all the basics laid out for you.  It also includes the extra bits you will need if you are regulated by the GDPR as well.

Template Collection Notices and Consent Forms: This document offers a set of different templates, with instructions on what information to fill in where, to help you customise Collection Notices and Consent Forms for your agency.  It also helps explain when you will need a Consent Form, compared with when a Collection Notice will do.  It also includes the extra bits you will need if your agency is regulated by the GDPR as well.

The Template Privacy Audit Survey is designed as an information gathering tool for the Privacy Officer to kick-start a data inventory process, and/or an organisation-wide privacy audit or compliance review.  It includes instructions on how to conduct a privacy audit of your agency.

Finally, start testing privacy controls across your organisation.  Described as ‘gold’ by one of our customers, the Checklist of Common Privacy Risks and Controls offers a list of 95 common privacy risks, and potential controls to mitigate those risks.  Use it in privacy risk assessments, to run the ruler over a project, a system, a team, or agency-wide.

You can use the other included eBooks to help answer specific questions as they arise, on topics like de-identification, or reviewing automated decision-making systems.

Buy Now   $1500 +GST

Keeping your resources up-to-date

Privacy compliance considerations are changing all the time. We update our resources whenever there is a change in the legislation, a fresh interpretation of the law, new regulatory guidance or a significant new policy which should be reflected in our materials. So you can buy a Compliance Kit with confidence that the resources included reflect the current state of play.

Then if things change in the future? You can update to the latest version of the same Kit at a quarter of the price. Past customers should contact us to receive their 75% discount code before purchasing a new version of their Kit.