In the course of business, a potential interference with privacy may become apparent. If such issues arise, they should be addressed at the earliest opportunity. If the matter needs to be addressed by another group/service, it should be reported to the relevant area. The report should include:
- Heading – Privacy Issue (with ‘in-confidence’ caveat where necessary)
- summary of the issue
- any action taken prior to the report
- any relevant reference
- reporting officer contact details
If you are unsure of who should manage the issue, contact the Privacy Team in the Directorate of Rights and Responsibilities who will help determine the responsible area.
The responsible area is to:
- assess the matter;
- consult with relevant stakeholders; and
- resolve the issue.
If the issue involves a personal information security breach, such as an unauthorised disclosure, the responsible area should review the guidance to assist in the management of the breach. (Handling a personal information security breach)
Consideration could be given to completing the Defence Privacy Impact Checklist or conducting a privacy impact assessment if a particular policy or procedure is in question.