As Western Australia’s public sector becomes more connected, data-rich and service-driven, the old model of treating cyber security, privacy and data sharing as separate conversations is becoming harder to sustain.
In this Q&A, Steven Paice, CISO, South Metropolitan Health Service, shares why WA agencies need a more unified trust framework, what mindset shift leaders must make to move from restricting data to sharing it responsibly, and where organisations can start if they feel stuck in silos.
Ahead of Government Cyber Security Showcase Western Australia 2026, Steven also outlines the practical action he hopes delegates take back to work: focus on the cyber risks that matter most, and make them visible, measurable and owned. Steven is confirmed to speak in the panel “Cyber, Privacy and Data Sharing – One Conversation, Not Three” at 12:00 PM–12:30 PM on Tuesday, 25 August 2026
Explore the event: Overview page | Agenda page | Registration page.
Public Sector Network:
At a high level, why do cyber security, privacy and data sharing need to be treated as one conversation now in WA?
Steven Paice:
In Western Australia, cyber security, privacy and data sharing need to be treated as one conversation because state services rely on securely sharing sensitive data across interconnected systems to deliver safe, coordinated care and public services.
Bringing them together helps protect systems while ensuring personal information is handled in line with community and legislative expectations. Consistent and appropriate data sharing enables better clinical and operational outcomes, and treating these as one conversation gives the State a more balanced approach — reducing risk, supporting policy compliance, and maintaining public trust while enabling safe, effective service delivery.
Public Sector Network:
What is the biggest mindset shift leaders need to make to move from “protect and restrict” to “share responsibly and securely”?
Steven Paice:
The shift is from avoidance to enablement. We need to equip people with the information and skills to ask, “How can we share information safely?”
That requires accepting that data sharing is essential, not optional, for outcomes, innovation and service delivery. We need to use the tools we already have to embed security and privacy as enablers, not blockers.
Hear Steven Paice at Government Cyber Security Showcase Western Australia 2026 in the panel discussion “Cyber, Privacy and Data Sharing – One Conversation, Not Three.” The session will examine how agencies can align privacy obligations with cyber controls and data use, break down policy silos, and design systems where trust, access and protection coexist.
Explore the event: Overview page | Agenda page | Registration page.
Public Sector Network:
When you think about building public trust, what are the few core principles that should guide decisions on access, use and protection of data?
Steven Paice:
It is about balancing a clear purpose, controlled access, strong protection and visible accountability, while still enabling data to deliver value.
Some of the principles that support this include least privilege, transparency of purpose, privacy by design and continuous visibility to maintain trust.
Public Sector Network:
What are the most common pitfalls you see when agencies try to align cyber controls with privacy obligations, and how can they avoid them?
Steven Paice:
The most common pitfalls are disjointed governance and ownership, where teams operate in silos and make inconsistent decisions; lack of data context, where agencies misunderstand data sensitivity, purpose and lifecycle; a compliance-first mindset, where checklist thinking overtakes real-world risk and outcomes; and treating cyber and privacy as competing priorities, when they should be working together to protect trust and manage data risk.
Agencies can avoid these pitfalls by focusing on safe and responsible data sharing, establishing cross-functional governance, demonstrating effectiveness through measurable outcomes, and tailoring controls to the sensitivity, use case and impact involved.
Public Sector Network:
For organisations that feel stuck in silos, what is one practical starting point to bring cyber, privacy and data teams into a single operating rhythm?
Steven Paice:
The most practical starting point is to stop working in functions and start working on decisions together.
Choose a single high-value data use case and appoint an accountable owner. Then leave the first meeting with agreement on the purpose and value, the key risks, and the minimum set of controls needed to proceed safely. From there, document, implement and review it through a regular cadence.
Public Sector Network:
For GIW WA Cyber specifically, what do you want delegates to take away from your session, and what is one action you hope they implement back at work?
Steven Paice:
Improvement is not about doing everything. It is about doing the things that reduce the risks that matter most to your organisation.
Pick your top three cyber risks and make them visible, measurable and owned. That shifts the conversation away from cyber as a purely technical issue, creates accountability and builds momentum through visibility.
Join Steven Paice at Government Cyber Security Showcase Western Australia 2026 to hear how WA agencies can move from siloed governance to a more unified trust framework across cyber, privacy and data sharing. The event overview positions this as a key theme for WA’s cyber maturity as agencies strengthen visibility, operational resilience and trust across a highly interconnected public sector environment.
Explore the event: Overview page | Agenda page | Registration page.
Help your peers
Share what you've learned with fellow public servants