Privacy Impact Assessment

Our client for this engagement was a key government agency responsible for digital health implementation and strategy. 


The client is responsible for driving innovation in the digital health arena, including through the development of its own digital health app. The provision of consumer-facing health information is governed by laws that impose both privacy and health information-specific obligations. The way organisations use and share sensitive health information using new technologies is also increasingly a matter of public interest and concern.

Our role

elevenM was asked to undertake a privacy impact assessment that considered the creation of a mobile application by the agency to be used for access to multiple digital health services.  Adopting a ‘privacy by design’ approach, we worked closely with the agency to share our findings with development teams in real-time and that the measure of a successful deployment of the app included the consideration of all facets including user experience, legal obligations and aligning with public sentiment. 

What we did

elevenM delivered a privacy impact assessment which: 

  • Identified compliance gaps needing rectification prior to ‘go live’ to ensure compliance with a number of applicable laws 
  • Made recommendations in support of a straightforward and easy to follow user experience with regard to privacy notifications 
  • Considered social licence by using agency-conducted research into app user attitudes  
  • Provided the privacy assurance needed for the agency to mount a successful launch of the app for consumers Australia-wide