We have extensive experience in conducting organisational reviews, focussing on privacy compliance and information management within organisations.
A privacy “audit” provides a detailed examination of both policy and practice, to highlight compliance gaps in the control environment, practices and procedures.
Our privacy audits utilise a number of techniques including questionnaires, paper-based review, face-to-face staff and management interviews, and an examination of systems and processes on the ground.
(If you are looking for tools to help you conduct your own privacy audit, see our new Compliance Kits.)
The result of a privacy audit will generally be a report containing:
- a description of the policies and practices of the organisation relating to privacy and data governance
- an outline of which privacy principles and Acts apply to the organisation
- risk areas identified in the privacy control environment
- gaps identified with respect to compliance with the privacy principles
- prioritised recommendations on how to address the gaps and risk areas
Audit clients have included:
- Lorica Health Pty Ltd
- Chartered Accountants ANZ
- Bitcoin Trader Pty Ltd
- Horticulture Innovation Australia
- Service NSW
- Transport for NSW
- the Department of Family and Community Services
- Sydney Water
- Pacific Link Community Housing
- the NSW Department of Education and Communities
- the Australian Broadcasting Corporation
- the Cancer Institute of NSW
- Sydney Olympic Park Authority
- the NSW Department of Human Services – Ageing, Disability & Home Care
- Central Queensland University
