Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.
We respect your Do Not Track preference.
The Privacy Act requires organisations to have at least one person who fulfils the role of privacy officer.
The person responsible for privacy matters depends on the size of your organisation, the work it does, and what personal information it handles.
In smaller organisations, the manager is normally responsible for all legal compliance, including privacy. Often an in-house complaints, human resources, or legal team will do privacy work as part of their duties. Large organisations, or organisations that handle a lot of personal information, may need one or more employees to be focused exclusively on privacy matters.
Whoever takes on the duties of a privacy officer, it’s important for managers in the organisation to take their advice seriously.
As well as being required by law, having a privacy officer is useful for your organisation. Good privacy builds trust with clients and employees and enhances a business’ reputation. An internal privacy adviser who is familiar with the business and privacy law adds value to your organisation.
Privacy officers can prevent or fix privacy issues before they become serious problems. This can save you money, or lost business. If someone complains that your organisation has breached their privacy, your privacy officer can help resolve things quickly and effectively.
Under the Privacy Act, the privacy officer must:
This doesn’t mean that the person who has been appointed as the Privacy Officer has to be the person individually responding to access and correction requests or complaints, but they will need to have oversight over the processes and policies that are followed by the people in the organisation who are responding to the requests and complaints.
They may also: