Who is the Privacy Officer within a public entity?

Section 151 of the PRIS Act requires that the privacy officer of a public entity is the principal officer or another senior officer.

The privacy officer is responsible for: 

  • promoting compliance with the IPPs and Part 2 of the PRIS Act;
  • coordinating the preparation of the information breach policy and maintaining the register of notifiable information breaches; 
  • ensuring privacy impact assessments are conducted;
  • coordinating the response to privacy complaints about the public entity; 
  • coordinating the public entity’s dealings with the Information Commissioner, including in relation to privacy impact assessments, privacy complaints, and any investigation, monitoring or assessment conducted by the Information Commissioner.

Under the PRIS Act, a ‘senior officer’ is ‘an officer of the entity who has managerial responsibility’ and includes the principal officer.

Determining which senior officer should be the privacy officer will depend on the size and structure of the public entity. Whilst there is no minimum public service level requirement for a privacy officer, they must be at a sufficiently senior level, and have the skills and knowledge, to meet the responsibilities set out in the PRIS Act. The privacy officer should be able to influence stakeholders and effect the organisational change required to promote strong privacy governance.
