Search

Regularly undertake privacy impact assessments and plan to incorporate these service improvements. Use methods or tools such as:
Develop a standardised framework for conducting privacy impact assessments. The framework should outline the steps to identify and assess privacy risks associated with new projects or services.
Involve relevant stakeholders, including legal, compliance, IT and user representatives, in the privacy impact assessment process. This can help identify potential privacy risks and ensure assessments are comprehensive.
Establish processes for ongoing monitoring of privacy impacts as the service evolves. Regularly review and update the assessment to reflect changes in data practices, technology, or regulations.
Map out how data will be collected, processed, stored, and shared throughout the service lifecycle. Understanding these data flows is crucial to identifying potential privacy impacts.

Collect, store and use data ethically. Embed these methods into your ongoing processes and clearly communicate to users how their data is stored and used:
Adopt a data minimisation principle and only collect and store data that’s necessary for the service's functionality. This limits exposure to privacy risks.
Evaluate the quality of the data collected. Ensure that data is accurate, relevant and up to date to avoid misinterpretations and misuse.
Establish clear data retention policies that outline how long the data will be stored and the criteria for data deletion. This prevents unnecessary accumulation of data over time.
Implement role-based access controls to limit access to sensitive data. This reduces the risk of unauthorised access and enhances data security.
Establish and publish ethical guidelines regarding the collection, use and sharing of data. These guidelines should prioritise user privacy and consent.
Conduct regular audits of data collection and usage practices to comply with ethical guidelines and regulations.
Develop clear and concise privacy notices so users know how their data is collected, used and shared. Ensure these notices are accessible, easy to access and understand.

Document your findings and recommendations to apply criterion 7:
Clearly document privacy risks, potential impacts and mitigation recommendations.
Create actionable plans to address risks, including technical controls and policy revisions. Establish ongoing monitoring to update assessments as the service evolves
Map the data lifecycle, including collection, processing, storage and sharing, to identify potential privacy issues.
Make sure the data is collected and documented in a centralised knowledge repository.
Thoroughly document findings of the privacy impact assessment, include identified risks, potential impacts on user privacy, and recommendations for mitigating those risks.
Create action plans to address findings of the privacy impact assessment. This includes implementing specific technical controls, revising policies, or enhancing user communications regarding data practices.

Privacy impact assessment tool | OAIC
Step-by-step guide to Privacy Impact Assessments | Office of the Information Commissioner Queensland (oic.qld.gov.au)
Privacy impact assessments – Office of the Victorian Information Commissioner (ovic.vic.gov.au)
Privacy Impact Assessment Guide – Office of the Victorian Information Commissioner (ovic.vic.gov.au)
Undertaking a Privacy Impact Assessment | Office of the Information Commissioner Queensland (oic.qld.gov.au)
Retaining, managing and disposing of data and datasets | naa.gov.au
Guide - Data Sharing and Privacy (nsw.gov.au)
Securing customer personal data | Cyber.gov.au
Follow guidance on critical and emerging technologies
Stay current: Technology can advance at a staggering pace. If available, refer to government guidance on risks, opportunities and developments for up-to-date advice on critical or emerging technology that may impact the service.
Regularly check the Australian Government Architecture: Follow published guidance in the Australian Government Architecture for the adoption of critical and emerging technologies.
Off
Maintain interoperability in the face of new technology interoperability
Consider interoperability: Consider if new technologies will impact the service’s interoperability. Plan for its introduction or implementation in partnership with other affected agencies to prevent further divergence or disconnection.

Be digital ready: Undertake an assessment of the preparedness for new technologies. Consider the resources and training for a new technology that will be required by the agency and team.
Off
Track adoption of new technology
Track adoption: Prior to implementing a new technology, determine whether it aligns with the clear intent of the service and whether it risks leaving certain types of users behind. If implemented, monitor how users respond to the new technology and respond to any accessibility or usability concerns.
Off
Stay current: Technology can advance at a staggering pace. If available, refer to government guidance on risks, opportunities and developments for up-to-date advice on critical or emerging technology that may impact the service.
Regularly check the Australian Government Architecture: Follow published guidance in the Australian Government Architecture for the adoption of critical and emerging technologies.

Consider interoperability: Consider if new technologies will impact the service’s interoperability. Plan for its introduction or implementation in partnership with other affected agencies to prevent further divergence or disconnection.

Be digital ready: Undertake an assessment of the preparedness for new technologies. Consider the resources and training for a new technology that will be required by the agency and team.
Guidance to innovate with purpose
Exemption policy

Compliance & reporting

Digital Experience Toolkit
Stay up to date on critical and emerging technologies
Understand the latest guidance on critical and emerging technologies and track the adoption of new technology:
- Encourage staff to engage in ongoing training and professional development related to critical and emerging technologies. This includes conferences, webinars, or workshops about the latest advancements.
- Stay updated on guidelines and standards from reputable organisations that outline best practices for adopting and implementing new technologies.
- Collaborate with academic institutions, research organisations and industry leaders to access research findings and insights on emerging technologies. Partnerships facilitate pilot projects and experimentation.
Off
Environmental scanning
Conduct environmental scanning to assess the current technology landscape and determine if adopting new or emerging technology would be beneficial. Consider how users of the service would respond to the adoption. Use methods or tools such as:
- Perform a cost-benefit analysis to evaluate the potential advantages and disadvantages of adopting new technologies. Consider factors such as efficiency gains, user experience, improvements and potential cost savings.
- Engage with stakeholders and users to get perspective and insights on the potential benefits of new technology adoption.
- Review case studies from agencies or organisations that have adopted similar technologies. This will help to understand best practices, challenges and measurable benefits.
- Use scenario planning to explore potential future states and assess how different technologies might impact service delivery and user experiences. This helps to strategically assess risks and benefits.
- Collaborate with user advocacy groups or representatives to gather perspectives on how new technologies can improve user experiences and accessibility.
- Involve users in pilot testing new technologies. Their experiences provide critical insights into usability and overall benefits, helping agencies to make informed decisions about adoption.
Off
Document your findings
Document your findings and recommendations to apply criterion 8:
- Conduct cost-benefit analyses to evaluate the advantages and disadvantages of new technologies, engaging stakeholders and users to gather insights on potential benefits.
- Use scenario planning to explore the impacts of new technologies on service delivery and user experiences.
- Make sure the data is collected and documented in a centralised knowledge repository.
Off
Links
Scenarios | Department of the Prime Minister and Cabinet (DPMC)
Off
Understand the latest guidance on critical and emerging technologies and track the adoption of new technology:
Encourage staff to engage in ongoing training and professional development related to critical and emerging technologies. This includes conferences, webinars, or workshops about the latest advancements.
Stay updated on guidelines and standards from reputable organisations that outline best practices for adopting and implementing new technologies.
Collaborate with academic institutions, research organisations and industry leaders to access research findings and insights on emerging technologies. Partnerships facilitate pilot projects and experimentation.

Conduct environmental scanning to assess the current technology landscape and determine if adopting new or emerging technology would be beneficial. Consider how users of the service would respond to the adoption. Use methods or tools such as:
Perform a cost-benefit analysis to evaluate the potential advantages and disadvantages of adopting new technologies. Consider factors such as efficiency gains, user experience, improvements and potential cost savings.
Engage with stakeholders and users to get perspective and insights on the potential benefits of new technology adoption.
Review case studies from agencies or organisations that have adopted similar technologies. This will help to understand best practices, challenges and measurable benefits.
Use scenario planning to explore potential future states and assess how different technologies might impact service delivery and user experiences. This helps to strategically assess risks and benefits.
Collaborate with user advocacy groups or representatives to gather perspectives on how new technologies can improve user experiences and accessibility.
Involve users in pilot testing new technologies. Their experiences provide critical insights into usability and overall benefits, helping agencies to make informed decisions about adoption.

Document your findings and recommendations to apply criterion 8:
Conduct cost-benefit analyses to evaluate the advantages and disadvantages of new technologies, engaging stakeholders and users to gather insights on potential benefits.
Use scenario planning to explore the impacts of new technologies on service delivery and user experiences.
Make sure the data is collected and documented in a centralised knowledge repository.

Understand your environment - VPSC
Technology | Department of Industry Science and Resources
Information management for current, emerging and critical technologies | naa.gov.au
Cost Benefit Analysis | The Office of Impact Analysis (pmc.gov.au)
Guidelines: Cost-Benefit Analysis | NSW Treasury
further-guidance-04-cost-benefit-analysis-guide.pdf (statedevelopment.qld.gov.au)
Scenarios | Department of the Prime Minister and Cabinet (DPMC)
Establish a baseline for the service
Understand the current state: For existing services, determine the current state by identifying and reviewing existing metrics. For new services, establish a baseline for the problem identified in Criterion 1. Both are a yardstick to measure progress.
Use benchmarks to gauge performance: Compare the service to similar services or existing standards to identify areas of improvement. Seek out best practices of similar and well-performing services to consider if they can be adopted.
Off
Identify the right performance indicators
Select meaningful metrics: Collect metrics that accurately capture the service’s ability to deliver the outcomes that users expect. These might include adherence to design standards and privacy legislation, site/app performance, security benchmarks or tasks completed by users.
Off
Measure, report and improve according to strategies
Measure against the Data and Digital Government Strategy: Make sure the service meets the Data and Digital Government Strategy. Consider how information collected and reported could improve the service in line with the Strategy’s implementation plan.
Apply benefits management: All digital and ICT-enabled investment proposals must define their purpose, outcomes and methods for measuring, monitoring and optimising them. Find out more in the Benefits Management Policy.
Off
Understand the current state: For existing services, determine the current state by identifying and reviewing existing metrics. For new services, establish a baseline for the problem identified in Criterion 1. Both are a yardstick to measure progress.
Use benchmarks to gauge performance: Compare the service to similar services or existing standards to identify areas of improvement. Seek out best practices of similar and well-performing services to consider if they can be adopted.

Measure against the Data and Digital Government Strategy: Make sure the service meets the Data and Digital Government Strategy. Consider how information collected and reported could improve the service in line with the Strategy’s implementation plan.
Apply benefits management: All digital and ICT-enabled investment proposals must define their purpose, outcomes and methods for measuring, monitoring and optimising them. Find out more in the Benefits Management Policy.
Guidance to monitor your service
Exemption policy
5: Make it secure (Opens in a new tab/window)
Apply criterion 9 of the Service Standard: Monitor your service
To meet criteria 9 of the Digital Service Standard, refer to the Digital Performance Standard. The Performance standard is an extension of criteria 9 of the Service Standard.
On
To meet criteria 9 of the Digital Service Standard, refer to the Digital Performance Standard. The Performance standard is an extension of criteria 9 of the Service Standard.
Improve the service across its life
Make improvements: Increase people’s use of the service by continuously optimising performance, enhancing security, introducing relevant features, addressing bugs and increasing compatibility. Use metrics identified in Criterion 9 (‘Monitor your service’) to reveal the biggest opportunities for impact and ground improvements in evidence. Provide adequate training and materials for staff to support change.
Off
Schedule regular assessments
Undertake assessments: Define the goals and scope of the assessment then observe performance and experience over time. Performance metrics might include load times, responsiveness or bottlenecks. Experience metrics might include entry/exit points, dwell time or task abandonment. Ongoing monitoring should be part of business-as-usual processes and a detailed review part of regular service evaluation.
Off
Communicate service upgrades
Communicate the change: Develop a communication plan for how, when and through which channels to share updates and findings with users. When writing content, show how users’ feedback informed the actions that have been taken. Highlight key achievements or milestones reached and use real-life stories to demonstrate how users shaped change.
Off
Make improvements: Increase people’s use of the service by continuously optimising performance, enhancing security, introducing relevant features, addressing bugs and increasing compatibility. Use metrics identified in Criterion 9 (‘Monitor your service’) to reveal the biggest opportunities for impact and ground improvements in evidence. Provide adequate training and materials for staff to support change.

Undertake assessments: Define the goals and scope of the assessment then observe performance and experience over time. Performance metrics might include load times, responsiveness or bottlenecks. Experience metrics might include entry/exit points, dwell time or task abandonment. Ongoing monitoring should be part of business-as-usual processes and a detailed review part of regular service evaluation.

Communicate the change: Develop a communication plan for how, when and through which channels to share updates and findings with users. When writing content, show how users’ feedback informed the actions that have been taken. Highlight key achievements or milestones reached and use real-life stories to demonstrate how users shaped change.

Guidance to innovate with purpose

Exemption policy

Compliance & reporting

Digital Experience Toolkit

Guidance to monitor your service

Exemption policy

5: Make it secure (Opens in a new tab/window)

Connect with the digital community