NSW departments must improve privacy governance

By Dylan Bushell-Embling
Tuesday, 28 October, 2014

New South Wales’s Privacy Commissioner Dr Elizabeth Coombs has expressed concern over delays implementing privacy reforms to protect information stored by government departments.

In an introductory letter to the NSW Information and Privacy Commission’s (IPC) annual report, Coombs said progress on the agency’s privacy work program has been “disappointing”.

Delays in the program are coming at a time when there is renewed interest in online privacy issues among the public and “represent a missed opportunity to assist NSW public sector agencies and members of the public”, she said.

“While there has been some progress, significant projects have been delayed and projects addressing systemic issues in NSW public sector agencies’ management of personal information could not be completed as planned,” Coombs said.

Coombs cited the example of a delay to a project involving developing a code of practice for how agencies should host information covered under the state’s privacy act outside New South Wales.

“The absence of a code is a major deficiency in the protection of the personal information of NSW citizens,” Coombs said.

“I was delighted to be advised by the Attorney General that he intends to address this situation by legislative amendment, not a code of practice ... Until legislative amendment has occurred, however, the current lack of protection remains.”

The commission also had to delay a project to draw up fact sheets for healthcare practitioners surrounding their obligations under the Act as it applies to personal health records.

“It also became apparent the IPC’s case management system and the mapping of workflows have not adequately captured privacy matters and need to be improved.”

She stressed that government departments must meanwhile do more to improve their privacy governance efforts.

“I’m hopeful there will be progress on addressing a number of outstanding and longstanding issues in the coming year. Big data and data sharing will remain on my agenda,” Coombs concluded.

During the financial year the commission dealt with over 5000 email and phone enquiries, and finalised 745 case investigations and reviews. It also received 511 GIPA review applications and complaints (closing 490 of them), as well as 253 privacy reviews and complaints (closing 255 such matters).

Image courtesy of g4ll4is under CC