Topic 4 Mapping information flows

10 minutes

Learning objectives

Understand the importance of mapping information flows for your project
Identify and document the information flows in your project

Video transcript

[ON SCREEN] Privacy impact assessments: Mapping information flows

[VOICEOVER] Mapping and describing information flows is a key part of a privacy impact assessment. This will help you to identify key points of the project where privacy might be at risk. Consulting with other stakeholders is important. Without talking to other people, you risk overlooking things that you may not have originally considered. Your information mapping should include:

whether identity verification is necessary
what information will be collected and how it will be used and disclosed
the process for ensuring quality of information
the specific security safeguards in place
how information will be destroyed, and
how individuals can access and correct their information.

You should also consider if information crosses organisational boundaries and how it is used and stored in those instances. Understanding how your project deals with these areas will draw your attention to any potential privacy issues. This information can then be used in the next stage of the process: privacy impact analysis.

[ON SCREEN] For more information, visit www.oaic.gov.au.

Direct YouTube link: https://youtu.be/zCLIlxL65BA. If YouTube is blocked, try this video.

Step 5 Mapping information flows

After you have planned how the PIA will be conducted, and identified who you will need to consult, you need to describe and map your project’s personal information flows.

The purpose of mapping information flows is to describe how your project deals with personal information. Consider using diagrams to depict the flow of information, or tables setting out the key information for different types of personal information to be used in the project. The method you decide to use will depend on the complexity of the information flows in your project. Remember that clearly mapped information flows will assist you to identify privacy issues in the next stage of the PIA process.

Your analysis should be detailed, and should consider:

Click on each for more information

Will identity verification be necessary as part of your project?
- What will the identity verification process look like?
What personal information will be collected as part of your project, and how and why will it be collected?
- Where will the information be collected from, for example, directly from the individual, from other individuals or entities, or from publicly available sources?
- What legislation, if any, authorises or requires the collection?
- Is it necessary to collect personal information from individuals, or can you collect information anonymously or pseudonymously? Can individuals choose not to provide some or all of the personal information?
- Will any potentially sensitive or intrusive methods of collection be used, for example, photographs, fingerprinting, drug testing?
- What information will be provided to individuals about the collection, and how will it be given?
How, to whom and why will personal information be used (internally) or disclosed (externally)?
- How do the uses or disclosures relate to the purpose of collection?
- What measures are in place to prevent uses or disclosures for secondary purposes, or to ensure that any secondary uses or disclosures are permitted under the Australian Privacy Principles (APPs)?
- Will your project involve data linkage or matching? If so, how will this be done? What safeguards will be in place?
- What privacy protections will be in place to protect the personal information after it is disclosed?
What processes are in place to ensure that only relevant, up-to-date and complete information will be used or disclosed?
- How will updated personal information be given to others (for example, contracted service providers), who have previously been given personal information about an individual?
What security safeguards are (or will be) in place to protect the personal information from loss, unauthorised access, use, modification, disclosure or other misuse (including for contracted service providers)?
- How will information be transferred between sites?
- How will personal information be protected if it will be managed by someone else?
- What systems will be in place to prevent and detect misuse or inappropriate access?
- When and how will personal information be de-identified or destroyed?
- If de-identified information is used, do safeguards need to be put in place to ensure that the information remains de-identified?
How will individuals be able to access and correct their personal information?
What does the current personal information environment look like, and how will your project affect it?

You should consider each business unit and organisation involved in the project, including contracted service providers and other jurisdictions, and outline how personal information will move between those units.

To map information flows effectively, you will need to communicate with other staff and project stakeholders. If you try to map information flows in isolation, you run the risk of overlooking valuable information about how the project will work and how personal information will be handled.

The OAIC’s Guide to undertaking privacy impact assessments sets out additional points for consideration when you are mapping the information flows of your project.

True or false?

“Mapping information flows should involve talking to colleagues and project stakeholders about how my project works and how personal information will be handled.” True False

Correct! Talking to colleagues and stakeholders will make sure you don’t overlook valuable information about the project, which could cause problems later on that may be difficult or expensive to remedy.

Incorrect. If you complete this step in isolation, you may overlook valuable information about the project, which could cause problems later on that may be difficult or expensive to remedy.

Case study

You decide that a diagram is the clearest way to map the information flows in the project. This is what you come up with.

Click on the Start button, and then click Next to work through the diagram.

We Sell Stuff (WSS)

Other WSS teams

Legal team
Orders team
Warehouse

Customer management
team

HelpingU

Customer

Data analytics company

Descriptions

We Sell Stuff’s existing customer database of 20,000 records

Names
Contact details
Order histories

HelpingU call centre staff collect personal information from We Sell Stuff customers

Names
Contact details
Complaint details (could include sensitive information)
Order information
Credit card information

HelpingU staff use identity information provided by customer to verify the customer’s identity against the information contained in the customer database

HelpingU provides customer personal information (collected in step 2) to We Sell Stuff’s customer management team

Various We Sell Stuff teams use customer personal information internally for various purposes relating to the customer’s order, enquiry or complaint e.g. Legal team, Orders team, Warehouse team

We Sell Stuff discloses de-identified customer information to the data analytics company

Data analytics company uses We Sell Stuff’s de-identified customer information to identify popular products and common complaints, and provide advice to We Sell Stuff on marketing strategies and customer service issues.

Over to you Your PIA worksheet

In ‘Your PIA’ worksheet, draw an information flow diagram that illustrates how personal information is likely to flow between all stakeholders as a result of your project. Remember to take the factors outlined above into account.

Understanding and describing how personal information will be handled as part of your project will assist you to identify the privacy impacts of your project in the next step in the PIA process: privacy impact analysis.