For the purposes of this tool, data governance refers to the processes, systems and frameworks for using and managing data to:
- improve an organisation’s internal functioning; and
- help an organisation pursue valued goals and objectives.
Privacy governance encompasses the above as applied to ‘personal information’ under the Privacy Act 1988 (Cth) (Privacy Act), which is a subset of data relating to someone who is identified or reasonably identifiable.
The following sections outline the evolving regulatory landscape on data and privacy governance and its implications for boards, as well as provide questions to assist directors to understand and discharge their responsibilities in relation to this critical and growing area of governance.