All staff should be trained in privacy practice. However, different staff will have different training needs depending on how much personal information they manage in their day-to-day job.

All staff should understand the basics, ie, the information privacy principles from the Privacy Act, what personal information is and what to do in the event of a privacy breach.

Larger organisations could consider creating a short privacy module for staff, especially as part of an induction package.

• Office of the Privacy Commissioner’s of privacy e-learning modules.
  Smaller organisations may wish to use the modules which include a 30-minute introduction to privacy, and a two to three-hour module on the Privacy Act.