Privacy Law and Policy Reporter
Mapping the NPPs onto business and technology management processes
The first part of this paper, ‘Mapping privacy requirements onto the IT function’, appeared in the previous issue of PLPR.
The author has mapped the 10 National Privacy Principles (NPPs), together with the sub-clauses from the Privacy Act 1988 (Cth), onto generic business and technology management processes of concern to most organisations.
The purpose of this mapping is to expose the breadth and depth of impact that privacy compliance has on the IT function. It is hoped that such a mapping can lead to a common framework for analysing threats and risks to privacy compliance for each organisation. The subsequent detailed analysis can be varied in its detail according to the individual business context.
The mapping exercise could be readily modified or repeated for different sets of privacy principles, such as the Information Privacy Principles or the health sector principles drafted so far by some State governments. l
Stephen Wilson is Director, Identity Manage-ment, SecureNet and can be contacted at <firstname.lastname@example.org>.