The essential PRIS readiness guide

Organizations focused on ensuring customer privacy must adopt a proactive approach to adhering to privacy laws. When governments introduce or update existing regulations, you need to be ready to comply.

Earlier this year, the Western Australian government tabled new legislation, the Privacy and Responsible Information Sharing Bill 2024, aimed at strengthening privacy protections for Western Australians by enabling safe and secure sharing of information across the government and with trusted third parties.

As a government official in WA, ensuring that your agency meets PRIS requirements isn't just a regulatory obligation — it's a crucial step in safeguarding the trust of the public. Non-compliance can lead to significant risks, including data breaches, legal repercussions, and loss of public confidence.

Due to go into effect on June 30, 2025, PRIS brings with it new obligations for government agencies, but it also offers them a chance to modernise their data management and reduce risk and ongoing cost.

Now that we have an idea of the obligations PRIS will bring to government agencies, it is time to get PRIS-ready.

‍

According to the Western Australian government, PRIS aims to modernise privacy safeguards and enhance transparency and accountability in government information sharing.

The proposed legislation will require public sector agencies to consider privacy in everything they do when collecting or using personal information. The goal is a robust data privacy system that effectively protects the personal information of Western Australians.

The proposed new laws in Western Australia will focus on several areas of reform, including:  

• New Information Privacy Principles (IPPs) will be introduced. These are expected to align with the Australian Privacy Principles (APPs) in the Privacy Act.  

• Responsible Sharing Principles (RSPs) will suggest a framework for WA government organisations to share personal information responsibly. The RSPs aim to help these organisations balance the benefits and risks of data sharing.

• A Mandatory Data Breach Notification Scheme will be introduced. In the event of a serious data privacy breach involving personal information within a government organisation in WA, notification to the Privacy Commissioner will be mandatory. This aligns with the current rule under the Commonwealth Privacy Act.  

• Support for Aboriginal Personal Information Sovereignty and Governance will be introduced.

Who does PRIS apply to?

The PRIS laws apply to “IPP entities”. These include WA Ministers and parliamentary secretaries, WA public entities, and contracted service providers. While the rest of the categories are somewhat self-explanatory, “WA public entities” is a broad group that is worth unpacking. The category includes:

• WA departments and agencies

• Local government authorities

• Public universities

• Government Trading Enterprises

• And contracted third parties to government

‍

An essential step in responding to a privacy law like PRIS is with a comprehensive understanding of the data you hold, across all your applications and data stores. You need to understand what is stored where, who has access to it, and how it’s protected. An Information Asset Register (IAR) is a key tool for developing this understanding and allowing you to identify valuable information assets that need to be protected, as well as those that pose risk.  

When establishing such an inventory, you are essentially creating a list of information assets, along with accompanying metadata such as location, format, owner, and disposal class. organisation

But you can’t rely on a manual approach to creating a data inventory. Such an approach can involve significant effort from your entire team to ensure data from all your applications is included, leaving the organisation open to risk caused by human error. You will end up with a lack of certainty over the information an organisation holds and an increased likelihood that sensitive information will be missed.

How RecordPoint can help

RecordPoint offers a modern approach to data management, allowing organisations to maintain a continuously updated data inventory by managing data in place. The platform’s unified architecture allows for connection to a wide range of structured and unstructured data sources, including file shares, cloud platforms, and business applications. This flexibility ensures that regardless of where the data originates or its format, the platform can efficiently manage, classify, and govern it throughout its lifecycle.

By consolidating data inventory, data categorisation, data minimisation, and records management into a unified platform, you can empower your organisation to maximise data value and reduce risk at the same time, increasing staff productivity and future-proofing the business for tomorrow.

‍

At the core of any privacy-focused organisation’s data management efforts is the ability to identify sensitive data, including Personally Identifiable Information (PII) and Payment Card Information (PCI). Once you understand what you possess, you’re better equipped to comply with privacy regulations like PRIS, and you can manage access and security settings for sensitive content.

With RecordPoint’s automated classification and intelligent signalling driven by AI, manual records management is obsolete. RecordPoint allows you to tailor machine learning (ML) models to your organisation's unique policies for superior data categorisation and informed decision-making in privacy, migration, and minimisation efforts. Our intelligence engine prioritises data integrity, offering diverse content classification options while ensuring utmost security and confidentiality throughout the training process.

How RecordPoint can help  

Once you understand your data, you can make positive change within your organisation. With the intelligence you have gathered completing the above processes to refine your policies and improve procedures to reduce risk, for example by discouraging team members sharing files using chat apps like Microsoft Teams.

Then, once you’ve removed the ROT and managed access to what remains, you can confidently analyse your data to detect trends and gain strategic insights. RecordPoint’s deep reporting capabilities enable you to explore data in your preferred Business Intelligence platform, including Power BI and Tableau. Data governance metrics allow you to understand where your data is held, view trends like unsafe data-sharing practices, and surface data to comply with Data Subject Access Requests (DSAR), or requests for data to be deleted.

‍

A key element of PRIS is ensuring data is retained only as long as permitted and disposed of when required. Such retention and disposition practices must be defensible. It is essential data is classified correctly to ensure it has the correct retention schedules applied, and disposal happens when required.  

Strong retention and disposal processes also allow you to prevent an abundance of redundant, obsolete, and trivial data (ROT). ROT has little to no business value, but organisations often continue to retain it because they don’t realise it’s there. Such data accumulates naturally as employees save multiple copies of the same information, keep information too long, or store irrelevant or personal information on their work devices. ROT increases storage costs, impacts productivity, and may make compliance more difficult. Minimise data and reduce storage costs by implementing data disposal practices and eliminating ROT.

How RecordPoint can help

RecordPoint minimises manual effort and ensures compliance certainty through automated records management processes. RecordPoint’s classification engine works just as well for your redundant, obsolete, and trivial data (ROT) as it does for your high-value content. Minimise data by only keeping the information you need and disposing the rest with defensible disposal practices. This not only allows organisations to align their data management practices with PRIS, but also with other data privacy laws and recordkeeping regulations that may be relevant. All while removing the burden of records management activities on the end-users.

‍

Remember, PRIS is focused not only on privacy, but on facilitating secure information sharing. Responsible Sharing Principles (RSPs) offer a framework for WA government organisations to share personal information responsibly, allowing them to balance the benefits and risks of data sharing.

The goal is to provide Western Australians with better privacy and control over their personal information and improve the delivery of government services.  

How RecordPoint can help

Here, RecordPoint can play a vital role in ensuring traceable and secure data exchanges within and outside the agency. The platform helps enhance decision-making and data trustworthiness by tracking the origins, ownership, and lineage of data throughout its lifecycle with data provenance.

RecordPoint’s data discovery and automated classification capabilities allow for confidence in the data you possess, enabling secure sharing within and outside your organisation.

While it may feel like there is plenty of time before PRIS goes into effect, the time to look a becoming PRIS-ready is now.

Compliance is not the only reason to work on modernising your data governance. With RecordPoint, you can improve compliance, reduce ongoing costs, improve security, and simplify your data management processes. Retire your legacy electronic document and records management system (EDRMS) and deliver more secure and more streamlined services for your customers.

With a consolidated, PRIS-ready data governance platform, government agencies will identify significant cost-savings and drive greater operational efficiency. RecordPoint will simplify your PRIS journey with our expert guidance and robust tools. Future-proof your organisation with a scalable solution.

Take the first step by contacting us for a consultation, demo or signing up their interest for our PRIS readiness webinar.