St. Vincent's accepted all of the assessments, and no doubt is working to address them. There are some valuable general guidelines to be drawn from this assessment.
Related organisational policy or procedural topics, like privacy and security management pertaining to it, should be consolidated into one manual or source.
Induction and topic training should be supported by written materials, and refresher courses for that training should be provided at regular intervals. The supporting written materials ought to be reviewed and updated regularly as well.
As with training materials, security and access management systems and protocols need to be regularly reviewed and, where appropriate, updated and/or expanded. Systems and controls need to be in place to monitor clearly how personal information is being accessed and used, and by whom.
A regular review of your privacy compliance will not only ensure compliance with Australian privacy law; it can also give you a much-needed, refreshed perspective on your IT and security systems, as well as your internal policies and procedures.