In this final session, we’ll discuss how to measure your privacy maturity. We will also discuss how to build a sustainable privacy programme s and how to create a privacy roadmap tailored to your organisation’s needs.

Privacy Threshold Assessments (PTAs) and Privacy Impact Assessments (PIAs) are the best tools to spot privacy risks before they become problems. In this session, we will cover when is a PTA and/or PIA needed, how to structure one, and how to use it to influence projects from the start.

When individuals ask to view, access, or correct their personal information, you need to be ready. This session explains the rules around privacy requests, statutory timeframes, and common exemptions — including when redactions are justified.

Privacy breaches happen at every organisation, what matters is how you respond. Learn what qualifies as a notifiable breach, when and how to report to the Privacy Commissioner and impacted individuals, and the practical steps to contain and recover.

Get to grips with the Information Privacy Principles (IPPs) at the heart of the Privacy Act. This session covers what counts as personal information, the information lifecycle, and the obligations each of the 13 IPPs impose. Perfect for anyone building their privacy foundation.

As part of this session, we will cover common types of relationships between organisations and how this impacts indirect collection. As a result of indirect collection where you are collecting personal information from another organisation you are likely to want to introduce requirements into their contracts enabling you to be exempt from providing notice at the time of collection as they have already been provided notice by the disclosing organisation. Equally however where you are disclosing information to another organisation, they are likely to want to introduce similar requirements.

The upcoming changes introduce the requirement to provide a privacy notice to individuals where their information is collected indirectly unless one of the exceptions applies. During this session we will explore how this can be practically achieved and what exceptions may apply to the requirement to provide notice.

With the upcoming changes around providing notice when collecting personal information indirectly it is important to be able to identify where in your business indirect collection is occurring. During this session we will discuss common scenarios in which indirect collection occurs. We will also cover how previous and future Privacy Impact Assessments can be used to identify indirect collection.