Embed privacy from the outset

Minimum you need to do

Embed privacy into service design at the outset of your project.

Privacy practices 

Contact your agency’s privacy contact officer or legal team for advice on how to embed robust privacy practices from the start of your project. 

Use the Information and Privacy Commission’s checklist to identify privacy issues to help you identify any relevant issues to discuss. 

Ensure your teams think about your customers’ points of view. Consider for example: 

  • What information do you tell them you will be collecting? 
  • How do they feel about giving you their address or phone number? 
  • Is it necessary to collect this information? 
  • How will you manage and store the information you collect?
  • Have you sought full consent from your customer to collect and use the information?

Privacy by design

Look into applying 'privacy by design'. Privacy by design is a process for embedding practices into your design. It helps you to proactively identify any privacy risks while developing your service, so you can offset them as part of the design. Talk to your privacy contact officer.

Privacy management plan

Familiarise yourself with your agency’s privacy management plan. It sets out how your agency will comply with the privacy legislation. Every NSW Government agency must have one.

Privacy impact assessment

Use a privacy impact assessment (PIA) when planning your project to help:

Use your PIA as a tool rather than a compliance exercise. You should update it as you make changes to your service design. For more information go to the guide to privacy impact assessments in NSW.

How to show you’ve met this privacy planning need

You will have:

  • talked to your privacy contact officer, legal team or the Information and Privacy Commission NSW to help meet privacy requirements when designing your service

  • read your agency’s privacy management plan

  • assessed whether you need a privacy impact assessment for your project and used one if suitable.

Last updated