Recommendation 3. Managing the risk of re-identifying data – review of processes | Response to the 2023 Privacy Impact Assessment

Recommendation 3.
Managing the risk of re-identifying data – review of processes

A rules book. A person with a finger on their mouth and the word, 'Private'. A green tick.

Rules about privacy and security should include ways to stop people finding people’s names or knowing who the information is about

A collection of calendars. A person with a finger on their mouth and the word, 'Private'. A green tick.

These rules for the data asset and computer system should be checked every year. This can help to make sure that the data on computer systems is kept private and safe.

Response

The Australian Coat of Arms. A map of Australia and a handshake. A green tick.

We agree.

A person giving a thumbs up, holding a clipboard with a green tick.

The Board will be asked to agree to a review that looks at extra ways to stop people’s names being known or information being linked back to people.

A person looking through a magnifying glass. A person writing on a clipboard.

A review is a way to look at how things are being done and make changes if needed.

A person looking through a magnifying glass. A laptop that says, 'Name', 'Address', 'Phone', and 'Medical'.

The review could look at:

the ways we keep data safe and private
other things we can do.

A colleciton of calendars.

The review should be done every year when there is new data or when things are found not to be safe.

A report document.

A report will be written about this and given to all the groups who need it, including the Board and the Council.

A calendar that says, 'July 2025'. A magnifying glass.

The first review is to be done by July 2025.