Every day New Zealanders hand over their personal information to government departments in exchange for a range of services, from benefits to drivers’ licences. From the citizen’s perspective, these transactions are based on trust that their information will be handled safely and securely.
When that doesn’t happen, often because a public servant is genuinely trying to be helpful and makes a mistake, the responsible department comes under intense media and public scrutiny.
And every time a government department makes this sort of mistake, public trust is eroded in all departments’ ability to manage personal information well.
On 1 August last year, I issued expectations of good privacy practice and governance for the state sector and a self-assessment framework (you’ll find these online here).
Over the past nine months, I’ve been talking to government privacy officers and their executive teams to understand what support they need to meet these expectations. I’ve seen a wide range of privacy investment, capability and expertise across departments, depending on the size and complexity of the organisation and how much personal information it holds, as well as the mistakes they’ve made and the lessons learned.
In this time I’ve observed that executive oversight of privacy is the most powerful lever an agency can use to improve its overall privacy performance. Leaders’ understanding of an agency’s privacy programme, performance and risks enables solutions to be discussed at the top table. Leadership messages - that privacy matters and is the responsibility of all staff - raises privacy awareness in an organisation.
My message for chief executives is privacy is everyone’s responsibility. My message for frontline staff and anyone dealing with personal information is: treat it with the same care and respect as if it were your own.
Being privacy safe goes hand-in-hand with good customer service and is a foundation of transforming the way we do business in government. For the state sector, privacy doesn’t prevent us from delivering services; it is a fundamental pillar of great service delivery. That might mean we need to change the way we do things. Citizens have every right to expect their personal information will be kept secure and need to know that government takes all aspects of privacy and security seriously.
Regardless of the sector, shape or size of your organisation, Privacy Week is an opportunity to reflect on the personal information you hold and what you could do differently to ensure it stays secure. We all have a role to play and we can all make a difference.
Getting from good to great privacy management is a marathon, not a sprint. The GCPO team is here to help government agencies meet their privacy goals, with guidance, resources and support. You can contact the team at email@example.com.
Russell Burnard is the Government Chief Privacy Officer.