Doing privacy well

The Office of the Privacy Commissioner - Te Mana Mātāpono Matatapu has recently launched a free online toolkit to help businesses and organisations do privacy well

Our country’s organisations and businesses are diverse, and having strong privacy looks different for each. The new online toolkit, called Poupou Matatapu, aims to help everyone choose solutions that are fit for purpose. When developing Poupou Matatapu, the team behind the toolkit worked with organisations to identify what they struggled with when complying with the Privacy Act and what kind of policies and processes would help manage their privacy obligations and risk. They were also asked how they could be assisted to build a privacy-protective culture throughout their organisation.

The Office often sees that organisations’ privacy programmes are reactive, responding to a specific event or inquiry or not having the time or resources to proactively implement a strategy. Organisations often improve practice by responding to the event but may then lose momentum. Building an effective privacy management system requires continuous improvement to lift capability, maintain good practice once this is achieved, and establish a privacy culture that reflects the values of your organisation.

“Poupou Matatapu sets our expectations about what good privacy practice looks like and then helps you get there. Doing privacy well is essential for compliance and risk management, but it also helps your organisation to improve its data quality, innovation, customer and stakeholder trust, and decision-making processes,” says Michael Webster, Privacy Commissioner.

“A strong privacy culture is increasingly a competitive advantage.”

What does the name Poupou Matatapu mean?

The meaning behind te reo Māori name Poupou Matatapu is the poupou (posts or pillars) of matatapu (privacy). Essentially, the foundations of doing privacy well.

The 10 pillars of the toolkit are:

1. Governance

2. Know your personal information

3. Security and internal access controls

4. Transparency

5. Building capability and awareness

6. Breach management

7. Responding to requests and complains well

8. Assessing risk

9. Measure and monitor

10. Privacy management plan

Take charge of your organisation’s privacy by visiting the online toolkit.