With rapid changes in technology (data volume and connectivity) and the new Australian privacy laws the need to protect private information is more important than ever.
We assist clients to:
The first step to managing private information is to create a Privacy Impact Assessment (PIA). A PIA is an assessment of the threats and risks to private information and a strategy of recommended controls to treat unacceptable risks.
To create the PIA we typically use workshops to leverage the knowledge of your staff. Your staff knows your business and processes better than anyone and using workshops results in a better PIA. In the workshops we go through flows and usage of private information, credible threats to that information and calculate the risk of the threat. The recommended actions to treat unacceptable risks are then discussed and agreed upon. The final step is to deliver a risk management strategy using this knowledge that can be used by senior management to make informed decisions.
In many ways the PIA is very similar to an information security Threat and Risk Assessment (TRA) as applied to private information. We use this experience to reduce the time and therefore cost to your organisation of developing a Privacy Impact Assessment.