Natacha Doust

Responsibilities

• Led a multi-functional expert team tasked with complex administrative decision-making in the areas of information access, privacy and related internal reviews to deliver high-quality, correct and preferable outcomes.
• Formulated and delivered monthly online GIPA training and co-ordinator issues sessions, as well as bespoke in-person GIPA and Privacy training followed by Q&A.
• Forged strong stakeholder relationships to achieve comprehensive and timely compliance with legislative requirements.
• Refined staff performance through their continued development, training and sustained information sharing to foster excellence in a warm and collaborative team environment.

Achievements

• Case conference representative for TfNSW and Transport agencies at the NSW Civil and Administrative Tribunal this year, having achieved 100% dismissed or withdrawn reviews thus far.
• Currently developing a Reference Tool covering the various important aspects of legislation, templated precedents, caselaw, policy and guidance materials, as a learning and continuous improvement tool, and to ensure consistency in decision-making across the teams.
• Leveraged existing stakeholder relationships to identify and onboard new GIPA contacts in a newly restructured and downsized organisation with newly formed agency divisions, to continue delivering excellent work.

Responsibilities

• Directed and led an expert, high-performing Information Access Unit of 25 staff to achieve compliance in both timeliness and outcomes under GIPA and other legislation.
• Monitored performance and led continuous improvement strategies to ensure a best practice approach to successfully managing access requests and the proactive release of agency information.
• Trained, guided and mentored IAU and wider agency staff and educate stakeholders in the operation and application of GIPA and related legislation, and its practical effect on business areas outside the IAU.

Achievements

• Successfully transitioned the IAU and business areas’ GIPA processes through major organisational restructure, demonstrating strong and effective leadership and change management capabilities through significant upheaval.
• Strengthened agency partnership with the Information and Privacy Commission NSW, our oversight body, through outreach, in-person and over the phone engagement with IPC staff to better understand and meet regulatory expectations and to encourage further collaboration, in line with the Crown Solicitor’s endorsement of agencies engaging more candidly with their oversight body.
• Championed a collaborative leadership style by assigning chairing and other developmental responsibilities across the team, thus cultivating shared recognition and responsibility and motivating personal engagement.

Responsibilities

• Managed, mentored and supported a high performing team of Information Access professionals including staff acting at my own level, towards expert GIPA decision-making to meet time and quality deliverables.
• Guided and educated agency staff to positively shape underlying policy and governance of agency compliance, with a focus on best practice.
• Advised and instruct the Resource and Compliance team on case validity and scope, classification, resourcing and allocation, agency transfers and non-GIPA avenues for release of agency information.
• Led and directed the IAU, as a principal decision-maker, in managing high profile and complex matters through advice and escalation, and by taking on higher duties as needed.
• Routinely briefed Media, Executive Management and Ministerial teams and keep the Associate Director, Information Access apprised of risks, sensitivities, media and political issues relevant to each matter.

Achievements

• Consistently exceeded team KPIs for timeliness in response to nearly 1500 access applications under the GIPA Act, over a three year period as Manager, thereby also boosting IAU performance overall.
• Streamlined processes for early identifying matters more appropriately dealt through non-GIPA avenues when managing the RMS based IAU team, thus putting our resources to optimal and effective use.
• Organised and successfully delivered tailored GIPA & Privacy training sessions to RMS Divisions and Executives, which greatly improved internal collaboration and compliance with agency obligations.
• Empowered and equipped staff for excellence, through on-the-job training, targeted feedback, positive reinforcement and continuous improvement, giving rise to strong positive conduct, feedback and results.

Responsibilities

• Managed a significant caseload of complex and significant GIPA & Privacy matters, engaging in quality and timely administrative decision-making.
• Supported the Manager of the Information Access Unit (IAU), by keeping them informed of the progress of matters, advising on any risks and escalating issues for their attention, where appropriate
• Engaged with relevant stakeholders on the operation of the GIPA Act and Privacy and Personal Information Protection Act 1998 to negotiate positive outcomes through effective communication.

Achievements

• Exhibited strong knowledge & application of GIPA and Privacy legislation when managing a substantial and varied caseload of significant complex matters, which resulted in 100% timeliness on all matters under my management and the delivery of high quality, considered decisions that stood up on review.
• Provided invaluable support to IAU manager & team by streamlining work processes, researching legal interpretation and sharing valuable information with the team for a consistent and informed approach.
• Briefed Manager and Executive on the proposed delivery of work, including strategic considerations relevant to particularly complex or sensitive matters, and provided detailed and accurate advice on the operation of relevant legislation to both agency staff and external stakeholders.

Responsibilities

• Prepared submissions, Executive Briefs and requests for Legal Advice, conducting complex analysis of the Privacy Act and case law in setting out the Agency’s position on policy and regulatory matters, particularly in matters relating to technological advances and impacts on privacy.
• Assessed and responded to voluntary data breach notifications and built long-term productive relationships with entities subject the Federal Privacy Act to encourage voluntary notification of data breaches.
• Took enforcement action where appropriate and briefed the Commissioner on any proposed enforcement action to be performed on his behalf, including Commissioner initiated investigations (CIIs).

Achievements

• Successfully developed & delivered the OAIC’s first CII-related enforceable undertaking following the 2014 privacy reforms, including drafting relevant materials, negotiating stakeholder participation and agreement, thus generating positive precedential outcomes in a landmark case.
• Led a document template project to streamline the team’s communication strategies.
• Managed and finalised over 50% of all data breach notification matters as part of a three person team, and 95% of all telecommunications related submissions in 2014-15.
• Heavily contributed to an enforcement co-operation framework for proposed collaborations between the OAIC and international privacy regulators in 2016.
• Developed strong productive working relationships with Australian government and international agencies with cybersecurity and identity theft prevention functions, such as the AFP, CERT Australia, the ASD, through forums such as GPEN, APPA, APEC, to align our approach & promote collaborative enforcement opportunities.
• Conducted environmental scanning to identify relevant internal and external factors impacting our privacy regulatory action approach, including international and Australian case law, budgetary and resourcing constraints, media scrutiny, public interest and risk factors.

Responsibilities

• Perform federal privacy audits and data-matching activities on Australian government agencies on behalf of the oversight body, to promote good governance practices and improve privacy compliance overall.
• Drafted and delivered Audit and Data-Matching Reports, including recommendations on improved physical and digital privacy practices to auditees, as well as briefing the Executive and Management on the implementation of the se recommendations.

Achievements

• Led four of the five audits performed by the agency in 2013-14 and delivered quality audit reports within assigned timeframes.
• Developed strong working relationships with auditee agencies to ensure their implementation of the privacy recommendations made by the OAIC.
• Successfully contributed to the audit team’s 2013-14 forward working plan and developed a methodology to identify appropriate unfunded assessment targets over that period.
• Provided training on audit and data-matching processes to new staff, and delivered cross-team presentations to increase awareness of our function.

Responsibilities

• Led newly formed Privacy Mail Assessment team created to clear a backlog of several hundred high priority, time sensitive matters and new incoming matters in the Dispute Resolution Branch
• Briefed the Assistant Commissioner and DR Branch weekly on results, the status of the backlog, and new process proposals
• Guided and advised staff on complex or difficult complaints, including delivering complaints’ management training and mentoring to the team.

Achievements

• Successfully assessed and allocated all new and existing matters during my six weeks in the role, notwithstanding a substantial increase (200-300%) in matters received during the period (from 20-25 cases a week, to 70-100 cases), which resolved the backlog issue and restored timeliness.
• Streamlined and accelerated case resolution by identifying relevant privacy issues and devising an action plan for each matter, before allocating matters for completion.
• Supported and relieved team members and other DR Branch staff by finalising a substantial caseload of privacy complaints myself, thus reducing overall timeframes and clearing the backlog.
• Initiated an early resolution process which cleared approximately 50 cases per week by my team of 10 case managers, in which I reviewed and settled all outgoing correspondence.
• Developed and implemented six processes to improve the quality, timeliness & consistency of advice delivered through our complaints handling service, as well as implementing four of my predecessor’s processes.