IIS offers privacy consulting services that help you achieve your goals while building trust and stronger relationships with your customers. We provide services in three key areas - Innovation, Business as Usual, and Troubleshooting:
Information management is an integral part of the operations of both public and private sector organisations, especially as organisations collect increasing amounts of data both to target their products and services and to provide increasingly customised services that many customers expect.
Whether you are a business or government agency setting up new customer relationship management systems, managing identity or providing new online services, managing information well and gaining customer or citizen trust will be critical to your success. In this age of rapid technology development and deployment, keeping privacy front and centre is critical from a compliance and customer trust point of view.
Clients approach IIS at different stages of their personal information management needs. This could be when they are reviewing existing operations, developing a new service or product and are seeking to gain the edge through best privacy practice or when they have experienced a privacy incident. Some clients approach IIS after a privacy crisis or incident has occurred, whilst others take proactive steps to minimise the risk of privacy crises or incidents.
• Law reform
IIS leads public and private sector organisations to think through the practical implications of law reform proposals impacting on privacy and considers how regulation can be developed to enable personal information management approaches to keep up with emerging new business models. IIS is often invited to draft submissions on Bills and other legislative proposals or provide Privacy Impact Assessments on proposed new laws.
• Shaping future policy and ICT design and development
IIS is a globally recognised thought leader in the area of privacy and trust. IIS assists public and private sector organisations position themselves as future oriented and leading edge product and service providers. IIS conducts 'think tank' forums that connect people and ideas. IIS partners with Global Access Partners, a proactive and influential network which initiates high-level discussions at the cutting edge of the most pressing commercial, social and global issues of today, such as identity management, new approaches to privacy and trust in the information age and cloud computing. IIS is active in a number of US, EU and Australian thought leadership and ICT development initiatives, which ensures that its advice brings in state of the art knowledge with an insight into future directions.
• White papers
IIS delivers thought leadership pieces including the preparation of articles and white papers in a wide range of areas including e-government, information governance, identity management, regulatory design and international cooperation on cross-border data flows and cloud computing. A selection of these can be downloaded from IIS' publications page.
The Privacy Act places a positive obligation on organisations to have ongoing practices and policies that enable them to manage personal information in an open and transparent way. IIS is experienced in drafting clear and readable policies by using its layered notice approach consistent with the approach adopted by Privacy Commissioners globally, as well as helping to implement training and other internal procedures to ensure privacy is respected within your organisation.
IIS is able to identify and provide advice on technologies and services that assist with the incorporation of privacy by design into business processes and ICT.
IIS works with business process reengineering teams and ICT design and development teams as they embed privacy by design features and processes. IIS can actively engage with operational staff and management, developers, designers and engineers to incorporate privacy by design concepts into business processes from the start.
Privacy Impact Assessments (PIAs) enable public and private sector organisations to assess the impact of introducing new technologies, products and operational processes on the management of personal information. A PIA is essential when developing new services (whether off-line or online), processes or products involving personal information or when changing existing projects or services that may impact your management of customer/citizen data. Trust follows where organisations consider allocation of risks; individual control and accountability.
The IIS approach to PIAs builds on guidelines issued by the Australian and United Kingdom Information Commissioner offices. IIS' approach goes beyond mere compliance with privacy law; rather IIS looks to wider privacy challenges and opportunities including allocation of risks and individual trust and finds solutions that ensure information flows enhance the trust between customers, business and government. IIS pays particular attention to preventative measures and ex-post measures to resolve the inevitable problems that arise.
IIS can help build the privacy strategy to provide your public or private sector organisation with the building blocks for trusted engagements with customers and citizens. A privacy and trust strategy provides a 'blue print' for building trust and privacy from the beginning by:
IIS conducts privacy health checks for organisations wishing to assess the extent to which their current policies, procedures and ICT platforms are compliant with the law, vulnerable to privacy risks and/or meet privacy best practice. A health check is useful both before and after privacy incidents for organisations to reassure their customers that they have appropriate privacy processes and procedures in place. IIS provides practical solutions where privacy issues and risks are identified to meet your organisation's risk tolerance levels.
IIS provides privacy and trust advice informally and formally for short or long term periods, depending on client requirements. For example, IIS staff work in-house alongside staff during critical stages of the management of a data breach, conducting and implementing a Privacy Impact Assessment or privacy review. Some public and private sector organisations may need a Chief Privacy Officer, yet not require a full-time dedicated resource. IIS is able to provide outsourced privacy officer services on a retainer basis.
IIS advises public and private sector organisations on how to manage data breach incidents, other privacy crises and privacy complaints including how to respond appropriately to contact with privacy regulators and other external stakeholders. How an organisation handles a privacy incident impacts the organisation's reputation. IIS employs staff with over 60 years combined experience working in privacy and data protection, hence can steer organisations effectively through the public relations, regulator and user stakeholder engagements that arise in the aftermath of a data breach, privacy complaint or other privacy crisis. When managing a privacy incident, IIS advises on incident containment, investigation and customer notification as well as the following services:
• Regulator, customer and other stakeholder engagement
When public and private sector organisations review their operations, develop a new product or service or experience a privacy crisis, there is the potential impact many stakeholders, including customers/citizens, staff and management, media and regulators. IIS staff have decades of experience working within privacy regulators, including issues management and complaint handling, combined with exceptional external stakeholder engagement skills. IIS can assist by identifying and analysing stakeholder interests, developing engagement strategies and/or facilitating interactions.
• Privacy management plans for NSW government agencies as required by law
IIS develops and assists NSW government agencies in the drafting and implementation of Privacy Management Plans. Section 33 of the Privacy and Personal Information Protection Act 1988 (NSW) (PPIPA) requires NSW public sector agencies to develop privacy management plans which devise policies and practices to ensure their compliance with PPIPA and the Health Records and Information Privacy Act 2002 (NSW).
• Identity management
IIS provides world-class services in identity management, specifically in citizen centric identity management and ensuring trust in e-government initiatives. IIS has access to the most up-to-date and detailed intelligence about public and private sector global developments and is therefore in the unique position to 'connect the dots' for people developing identity management and e-government initiatives.
IIS consults to a range of public and private sector organisations on identity management and provides advice on how to achieve state-of-the-art citizen centric identity management systems and implement interoperable identity management systems.
• Privacy benchmarks
Your organisation's results are benchmarked across your peers and based on the performance of your call centre staff during the benchmarking, training and compliance resources are delivered to improve your organisation's ability to protect your customers' privacy, build customer trust and brand value.