Embed privacy from the outset

Privacy practices

Contact your agency's privacy contact officer or legal team for advice on how to embed robust privacy practices from the start of your project.

Use the Information and Privacy Commission's checklist to identify privacy issues to help you identify any relevant issues to discuss.

Ensure your teams think about your customers' points of view. Consider for example:

• What information do you tell them you will be collecting?
• How do they feel about giving you their address or phone number?
• Is it necessary to collect this information?
• How will you manage and store the information you collect?
• Have you sought full consent from your customer to collect and use the information?

Privacy by design

Look into applying 'privacy by design'. Privacy by design is a process for embedding practices into your design. It helps you to proactively identify any privacy risks while developing your service, so you can offset them as part of the design. Talk to your privacy contact officer.

Privacy management plan

Familiarise yourself with your agency's privacy management plan. It sets out how your agency will comply with the privacy legislation. Every NSW Government agency must have one.

Privacy impact assessment

Use a privacy impact assessment (PIA) when planning your project to help:

• identify the risk of any breach of the Information Protection Principles and the Health Privacy Principles
• identify the impact that an activity might have on the privacy of individuals
• set out recommendations for managing, minimising or eliminating that impact.

Use your PIA as a tool rather than a compliance exercise. You should update it as you make changes to your service design. For more information go to the guide to privacy impact assessments in NSW.