1. Home
  2. Case Studies
  3. Case Study: Navigating Privacy during Transition: Comprehensive PIAs for the National Disability Insurance Agency

Case Study: Navigating Privacy during Transition: Comprehensive PIAs for the National Disability Insurance Agency

17 Jun 2024

The background

We prepared a series of PIAs for the Agency in relation to different stages of its transition from a legacy CRM case management system to a fully cloud-based operating system. This included assessing the privacy issues arising from the delta migration and ongoing replication of data across the two systems during the transition period, and how best to mitigate potential issues arising from the quality and security of personal information. We also completed multiple PIAs in relation to the rollout of new software platforms designed to monitor, identify and address cybersecurity risks. This required us to consider how these types of monitoring and compliance software aligned with the Agency's obligations under the Privacy Act.

Our services

We worked closely alongside the NDIA to assess the privacy implications arising from different stages of the Agency's transition to cloud-based systems. In order to work effectively, we developed a strong relationship with the agency's ICT project design team. We approached the project with a detailed understanding of the unique business needs of the Agency, including promoting user accessibility, facilitating user access by guardians and other authorised representatives, and assessed privacy risks and impacts from different external and internal stakeholders. Specifically in relation the compliance and monitoring systems PIAs, our consideration and analysis went beyond that of the specific projects to consider future capability within the Agency and to make recommendations in relation to updated privacy governance documents and processes that would support similar projects in the future.

Get in touch

Disclaimer
Clayton Utz communications are intended to provide commentary and general information. They should not be relied upon as legal advice. Formal legal advice should be sought in particular transactions or on matters of interest arising from this communication. Persons listed may not be admitted in all States and Territories.