Government Privacy Practice

The Government Chief Privacy Officer is reviewing the core guidance material that government agencies use to guide their privacy practice development and maturity. This is called the 'Core Expectations, and Privacy Maturity Assessment Framework' (PMAF).

The Data Protection and Use Policy is likely to form part of the refreshed guidance, when it becomes available for use in February/March 2021.

The refresh recognises the improvements that have been made to government’s privacy practices and capability since the initial implementation of PMAF in 2014.

The new core expectations and framework are being designed to align with the Data Protection and Use Policy, minimise agency workloads to complete their privacy maturity self-assessment, and provide both qualitative and quantitative insights about government’s privacy maturity and capability.

The new core expectations and framework will:

  • establish privacy and data protection as a core part of high-quality public service delivery
  • focus on the values, behaviours and practices that encourage a people-centred approach to privacy and data protection to complement established risk-informed practices
  • encourage an approach to data collection that clearly links the personal information collected to the desired outcome and that investigates alternative ways to accomplish the desired outcome that eliminates or reduces the need for personal information.

The refresh process is being guided by the values of respect, inclusion and transparency, in-line with the core concepts in the Data Protection and Use Policy.