The International Association of Privacy Professionals Australia and New Zealand (iappANZ), which seeks to connect privacy people and empower privacy practice, has held its first event in this country.
It is affiliated with the global IAPP and gives members access to extensive privacy resources and networks. iappANZ works with public and private entities across all industry sectors in Australia and New Zealand as well as the Privacy Commissioners in both countries. A sub-committee is now working to build iappANZ’s presence and relevance in New Zealand.
During the week beginning 20 July 2015, the iappANZ NZ sub-committee hosted its inaugural event, in Auckland and Wellington, bringing together privacy professionals from the public and private sector to consider and discuss a risk management approach to privacy compliance. Participants heard insights and lessons from ACC, the NZ Bankers’ Association, the Ministry of Business, Innovation and Employment and Trade Me, and these were complemented by overarching commentary and guidance from the Privacy Commissioner John Edwards.
The event was an excellent exposure to the varied approaches different agencies or industries take to the management of privacy risk. Many speakers had extremely positive stories to tell about the successes they had achieved, from restructuring privacy governance from the top down to developing processes to ensure that government requests for personal information were carefully tested and scoped before being actioned.
While it was clear from the comments made that we cannot take a “one size fits all” approach to best privacy practice, some strong themes emerged:
- By feeding privacy into the traditional risk management framework, privacy professionals can ensure that proper governance, monitoring and accountability are encouraged for their agencies.
- Privacy is an integral part of the wider trust concept. Taking lessons from the banking sector, other agencies – such as ACC and Trade Me – are now seeing value in using privacy as a building block for improving customer trust.
- Privacy risk should be managed by all staff, who should feel safe and empowered to speak up about privacy breaches. This requires a strong privacy culture to be set from the top and will contribute to the effective and timely management of breaches.
- Privacy by Design, and the privacy impact assessment process, is a recommended way to drive privacy compliance from the outset.
This session was the first of many endeavours to come, facilitated by iappANZ to grow the privacy profession, increase awareness and build a strong and effective network for the New Zealand privacy community.
To find out more, or to become a member of iappANZ, please visit www.iappanz.org.
The New Zealand Subcommittee of iappANZ is chaired by lawyer Emma Pond. More than half the subcommittee members hold current practising certificates and over 70% have law degrees.