TOOLS FOR THE INFORMATION OFFICER

The information officer has wide-ranging responsibilities which can be made easier to fulfil with the aid of tools.

Documentation of Organisational Roles and Responsibilities

Participating in the development of policies and procedures requires the information officer to maintain regular liaison with relevant departments in respect of any changes to processing activities.

Legal Register

A record of legal obligations is maintained against which to validate the legal basis for processing personal information, retain records and ensure that the processing of personal information is lawful.

Inventory of Processing of Personal Information

The task of maintaining records of processing operations under the responsibility of the controller or the processor is one of the tools enabling the information officer to perform his or her tasks of informing and advising the responsible party or the operator, and monitoring compliance with the Act.

Contracts Library

Details of outsourced processing operations under the responsibility of the operator enable the information officer to perform his or her tasks of informing and advising the responsible party or the operator, and monitoring compliance with the Act.

Privacy Impact Assessments

A structured approach that can help information officers identify the most effective way to comply with their data protection obligations under the Protection of Personal Information Act and meet individuals’ expectations of privacy.

Knowledge Base of Vulnerabilities

An up-to-date reference source of data protection vulnerabilities to support a risk-based approach to protecting individual rights and freedoms, and recognising and notifying the Information Regulator and affected individuals.

Privacy Risk Register

A record of the type and current status of risks.

Follow-up of Corrective Actions within the organisation

Translate what you’ve learned into actual actions that can serve as evidence of your compliance.

Workflow and Automated Notification

Automated process triggers to alert personnel that action is necessary.

Traceability of the Procedures

Evidence maintained to demonstrate compliance whenever requested.

Information Request and Complaints Handling

Record, track, handle and resolve data subject and Information Regulator information requests and complaints.

Incident Response

Prepare to respond efficiently and effectively to privacy breaches.

Reporting

Monitor and report on the status of data processing activities.

Staff Awareness and Training

Support organisational culture change through ongoing awareness programmes and training.

Compliance Audits

Checklist maintained to regularly verify that the rights and freedoms of individuals are being protected.