The Privacy Act mandates that companies only collect and store the data they need.
Your de.iterate Data Register helps you:
Know what data you have in case of a breach
Document your risk management processes to protect sensitive data and reduce the chances of a breach
Destroy or de-identify data when it’s no longer needed
Be ready to handle requests for access or corrections
Understanding the fields in the 'Add Data Type' form is crucial for ensuring compliance with the Privacy Act.
Date Added
This field should be relatively straightforward: it's the date you added the data type to de.iterate. This field will be cross-referenced by your Compliance Calendar, and any associated Assurance Tasks will be updated accordingly.
Name
This is the name of the data type you are recording. Some examples might include:
Finance Data
Business Operations Data
Employee Records
Suppliers
This field indicates which suppliers you share the data type with. For example, if you are completing the form for 'Finance Data', it is highly likely that you will need to select Suppliers like Xero, MYOB or QuickBooks (depending on the accounting software package you use).
Minimum Retention Period
This is the minimum amount of time for which you store this data type.
Maximum Retention Period
This is the maximum amount of time for which you store this data type.
Mode of Collection
Describe how you usually collect the data type. For example, if the data type is 'Employee Records', the mode of collection might be something like: online forms provided to employees for completion during their onboarding process.
Data Type Justification
Explain why your organisation needs to collect this data type.