The Oce of the Australian Informaon Commissioners (OAIC)
Privacy management framework (Framework) outlines steps
to take to meet your ongoing compliance obligaons under
Australian Privacy Principle (APP) 1.2.
A key tool to help you meet these requirements is to develop
and implement a privacy management plan.
A privacy management plan is a document that idenes
specic, measurable goals and targets that idenfy how you will
implement the four steps outlined in the Framework.
This template is designed to help you develop a privacy
management plan for your enty. Which commitments you
implement within each step, and who performs these, will
depend upon your parcular circumstances, including your
entys size, resources and business model.
You may be able to adapt this template to include specic
details around how you intend to implement each commitment.
Alternavely, it could be appropriate to specify these details in
a separate project plan, dependent on the size and scale of the
relevant commitment.
Privacy management plan
Office of the Australian Information Commissioner
Step 1 — Embed: a culture of privacy that enables compliance

Action | Position responsible | Due | Status
Adopt a ‘privacy by design’ approach (see the Guide to undertaking privacy impact assessments) | | |
Assign key roles and responsibilities for privacy management | | |
Assign staff responsibility for managing privacy | | |
Create reporting mechanisms that ensure senior management are routinely informed about privacy issues | | |
Ensure staff understand their privacy obligations and the roles of the OAIC | | |
Step 2 — Establish: robust and effective privacy practices, procedures and systems

Action | Position responsible | Due | Status
Keep information about your business’s personal information holdings (including the type of information you hold and where it is held) up to date | | |
Develop and maintain processes around the handling of personal information prior to collection, while personal information is held and once it is no longer needed (see the Australian Privacy Principles guidelines) | | |
Integrate privacy into staff training and induction processes (see the OAIC's privacy training resources) | | |
Develop and implement a clearly expressed and up to date privacy policy (see the Guide to developing an APP privacy policy) | | |
Implement risk management processes to identify, assess and manage privacy risks across the business (see the Guide to undertaking privacy impact assessments) | | |
Establish processes for receiving and responding to privacy enquiries and complaints (see Handling privacy complaints) | | |
Establish processes that allow individuals to promptly and easily access and correct their personal information (see more on Access and | | |
Create a data breach response plan (see the Data breach preparation and response) | | |
Step 3 — Evaluate: your privacy practices, procedures and systems to ensure continued effectiveness

Action | Position responsible | Due | Status
Regularly monitor and review privacy processes, policies and notices | | |
Document compliance with privacy obligations, including keeping records on privacy process reviews, breaches and complaints | | |
Measure your performance against this privacy management plan | | |
Create channels for staff and customers to provide feedback on privacy processes | | |
Step 4 — Enhance: your response to privacy issues

Action | Position responsible | Due | Status
Use the results of evaluations to make changes to practices, procedures and systems to improve privacy processes | | |
Have your privacy processes externally assessed/audited to identify areas for improvement | | |
Keep up to date with issues and developments in privacy law and changing legal obligations | | |
Monitor and address new security risks and threats | | |
Examine and address the privacy implications, risks and benefits of new technologies. Consider implementing privacy enhancing technologies that allow you to minimise and better manage the personal information you handle | | |
Introduce initiatives that promote good privacy standards in your business practices | | |
Participate in Privacy Awareness Week and other privacy events | | |
Oce of the Australian Informaon Commissioner
GPO Box 5218 Sydney NSW 2001
enquiries line: 1300 363 992