We have extensive experience in conducting organisational reviews, focussing on privacy compliance and information management within organisations.
A privacy “audit” provides a detailed examination of both policy and practice, to highlight compliance gaps in the control environment, practices and procedures.
Our privacy audits utilise a number of techniques including questionnaires, paper-based review, face-to-face staff and management interviews, and an examination of systems and processes on the ground.
The result of a privacy audit will generally be a report containing:
- a description of the policies and practices of the organisation relating to privacy and information management
- a ‘map’ of which privacy principles and Acts apply to the organisation
- risk areas identified in the privacy control environment
- gaps identified with respect to compliance with the privacy principles
- prioritised recommendations on how to address the gaps and risk areas
Recent audit clients have included:
- Lorica Health Pty Ltd
- Chartered Accountants ANZ
- Service NSW
- Transport for NSW
- the Department of Family and Community Services
- Sydney Water
- Pacific Link Community Housing
- the NSW Department of Education and Communities
- the Australian Broadcasting Corporation
- the Cancer Institute of NSW
- Sydney Olympic Park Authority
- the NSW Department of Human Services – Ageing, Disability & Home Care
- Central Queensland University
