Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

Guest post: Leading privacy across the state sector Russell Burnard - Government Chief Privacy Officer
4 December 2014

Russell B edit

Over the past few months, I have visited over 40 government agencies to talk about privacy. In many cases I’ve been impressed by the depth of knowledge that exists across the sector on this topic, although there is still much work to be done.

My primary focus as Government Chief Privacy Officer is to increase privacy awareness and capability across the state sector. Where government agencies might have lagged behind the private sector in the past, I now see them gaining ground in privacy management and practice. In some cases, they are exerting influence beyond their immediate environment.

Identification of risks, breaches and near misses is a core component of good practice for privacy management and governance. I’m a huge believer in ‘you manage what you measure’ so it just makes sense that good feedback loops to management will lead to continuous improvement in privacy practice.

As I’ve met with each agency, I have requested that my office be kept informed of material breaches on a voluntary basis. This is to ensure we are able to provide the right support, tools and guidance to achieve the desired sector-wide lift in capability.  

I have also advocated for voluntary reporting to the regulator, the Office of the Privacy Commissioner (OPC), because I believe anything that increases a regulator’s ability to understand the issues affecting its sector is helpful. At a practical level, both the OPC and my office can provide advice, support and counsel to manage breaches effectively.

My office also has a role in informing the wider state sector on ‘lessons learned’.

Current privacy legislation supports voluntary reporting of breaches to the Privacy Commissioner, but does not mandate it. This will change when proposed amendments to the Privacy Act come into effect and agencies will be obliged legally to report material breaches to the OPC, and in some instances to inform affected individuals. That government has committed to this legislative reform is evidence of the support that exists for the Privacy Commissioner to exercise his regulatory powers.

While I’m very proud to say that some of our large public sector agencies are already leading the way with voluntary reporting to the OPC, I will be welcoming this law change because I believe it reinforces best practice.

Russell Burnard is the Government Chief Privacy Officer.


, ,



No one has commented on this page yet.

Post your comment

The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.