PRIVACY IMPACT ASSESSMENTS IN THE EDUCATION SECTOR
A local tertiary education provider appointed Mobius Consulting to perform detailed privacy impact assessments (PIAs) of a select number of divisions within the university using a pre-defined customised approach, which was developed with the assistance of Mobius Consulting on a previous engagement.
The project’s objective was to facilitate workshops and collect relevant background and personal information processing documentation for the in-scope departments to complete the privacy impact assessments on behalf of the privacy division, assisting with capacity constraints and feeding into the wider privacy program.
Key PIAs for finance and human resources covered the following:
- To provide engaged employees with privacy awareness/ knowledge.
- Determine the extent of personal information processing across the divisions and their functions.
- Determine the points where personal information enters and exits the divisions and their functions.
- Identify third parties that process personal information on behalf of the divisions and their functions.
- Identify systems that capture, process and store personal information across the business.
- Identify cross-border information flows.
- Provide practical remedial controls that the organisation can assign to the appropriate owners.
Mobius used a practical, interactive approach to identify and engage with the appropriate stakeholders throughout the project. As a result, processes requiring remediation were identified, and the organisation could initiate projects to address their compliance shortcomings.
Contact us if you are concerned about the state of your organisation’s Privacy. We can help you.