We work with you to ensure 3 levels of compliance are achieved – not just legal compliance with privacy laws, but also operational compliance from a practical perspective and, importantly, strategic compliance so you can use your data in the way you want to support your organisation’s objectives.
How we can help you
We will help you better understand your privacy and data security obligations regarding how you handle “personal information” – i.e. information that identifies your staff, volunteers, clients, students or other stakeholders. Your privacy obligations apply to all points of the “information lifecycle”, when you collect, use, disclose, store, destroy, and de-identify “personal information”.
Our privacy and data security team works with a large number of corporates, schools and not-for-profit organisations regarding their privacy compliance including:
- Policies and procedures, including information security and recordkeeping, in addition to the standard privacy policy;
- Supporting responses to information requests from individuals, and to subpoenas and information sharing requests under statutory schemes;
- Document retention schedules and archiving processes against sector standards to ensure the maintenance and security of certain records which are prohibited from being destroyed;
- Consent, capacity and collection statements – including complex questions of consent in relation to vulnerable people;
- Responding to privacy or data breaches;
- Conducting privacy audits and preparing compliance reports;
- Developing data breach response plans;
- Privacy framework design – proactive redesign of processes to implement privacy-by-design;
- Training boards and staff on how to mitigate the risks of privacy and data security breaches, and implementing privacy protections into their everyday habits; and
- Simulated data breach workshops.
What you can expect
Investing time upfront to understand
We spend time upfront, ensuring we understand how you use information, so your policies and procedures actually work for your organisation and are harmonised with your strategic plan. We understand that our clients often work with vulnerable members of the community, for whom privacy and data security is particularly important.
Tailored, practical deliverables
We do more
than just give you a policy. This is
key, but it does not help you know how
to comply. We will always ensure that
your policy and helpful procedures are tailored to how you actually work and
are practical. We also support you as you change the way you use
information more strategically.
Staff Privacy Training
Training is a key part of ensuring your staff embed privacy protections into their work, as well as helping them to understand their obligations to protect the personal information of your stakeholders from breaches.
Our clients regularly praise our engaging, informative and entertaining privacy training. This brings it all together and leaves participants with easy-to-remember key messages.
Deep understanding of the regulatory environment
Privacy and data security is a complicated legal landscape with multiple jurisdictions and organisations often having additional requirements in funding agreements. We translate this web of legal obligations into actionable recommendations and advice.