We have extensive experience in conducting compliance reviews, also known as ‘privacy audits’, which review privacy compliance and data governance across an organisation.
A privacy audit provides a detailed examination of both policy and practice, to highlight compliance gaps in the control environment, practices and procedures.
Our privacy audits utilise a number of techniques including questionnaires, paper-based review, face-to-face staff and management interviews, and an examination of systems and processes on the ground.
(If you are looking for tools to help you conduct your own privacy audit, see our new Compliance Kits.)
The result of a privacy audit will generally be a report containing:
- a description of the policies and practices of the organisation relating to privacy and data governance
- an outline of which privacy principles and Acts apply to the organisation
- risk areas identified in the privacy control environment
- gaps identified with respect to compliance with the privacy principles, and
- prioritised recommendations on how to address the gaps and risk areas, and build a more robust privacy compliance program.
Our Privacy Audit clients have included:
- Australian Broadcasting Corporation
- Boston Scientific
- Cancer Institute of NSW
- Central Queensland University
- Chartered Accountants ANZ
- Consensus Group
- Horticulture Innovation Australia
- Lorica Health Pty Ltd
- NSW Department of Education
- NSW Department of Family and Community Services
- On The Line Counselling Service
- Pacific Link Community Housing
- Service NSW
- Sydney Olympic Park Authority
- Sydney Water, and
- Transport for NSW.