We have extensive experience in conducting privacy compliance reviews, sometimes known as privacy audits, which assess privacy compliance and data governance, either for a specific project or program, or across an organisation.
Our privacy compliance reviews can be a light-touch ‘health check’, or can involve a more detailed examination of both policy and practice, to assess the level of maturity of the privacy management program, and to highlight compliance gaps and privacy risks in the practices of the organisation.
Our privacy compliance reviews utilise a number of techniques including questionnaires, paper-based review, face-to-face staff and management interviews, and an examination of systems and processes on the ground.
(If you are looking for tools to help you conduct your own privacy risk assessments, see our Compliance Kits.)
The result of a privacy compliance review will generally be a report containing:
- an outline of which privacy principles and Acts apply to the organisation
- a description of the policies and practices of the organisation relating to privacy management and data governance
- risk areas identified with respect to compliance with the privacy principles
- an assessment of the maturity of the privacy management program, and
- prioritised recommendations on how to address the gaps and risk areas, and build a more robust privacy management program.
Our Privacy Compliance Review clients have included:
- Australian Broadcasting Corporation
- Boston Scientific
- Cancer Institute of NSW
- Central Queensland University
- Chartered Accountants ANZ
- Consensus Group
- Horticulture Innovation Australia
- Lorica Health
- NPS MedicineWise
- NSW Department of Education
- NSW Department of Family and Community Services
- On The Line Counselling Service
- Pacific Link Community Housing
- Service NSW
- Sydney Children’s Hospitals Foundation
- Sydney Olympic Park Authority
- Sydney Water, and
- Transport for NSW.