Wilk Advisory is a sole practitioner governance, risk and cyber advisory practice operated by Jason Wilk. This policy explains how we collect, use, store and protect information in the course of our business, including information collected through this website and through advisory engagements.
As an advisory practice specialising in governance and cyber, we take the protection of information seriously. We apply the same principles we advise our clients to adopt: proportionate controls, clear accountability, and a focus on the information that matters most.
Wilk Advisory operates in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). While certain small businesses may be exempt from some provisions of the Act, we voluntarily comply with the APPs as a matter of professional practice and in recognition of the nature of the information entrusted to us by clients.
Through this website: When you submit a message through the contact form, we collect your name, email address, organisation (if provided) and the content of your message. This information is transmitted via a secure Cloudflare Worker to our email and is not stored in any database.
Through advisory engagements: In the course of providing governance, risk and cyber advisory services, clients may share documents and information that contain sensitive organisational data. This may include board papers, risk registers, governance framework documents, strategic plans and related materials. These materials are the property of our clients and are treated as confidential.
Analytics: This website uses Cloudflare Web Analytics, which collects anonymised, aggregated data about site visits. It does not use cookies, does not track individual visitors, and does not collect personally identifiable information.
Information collected through the website contact form is used solely to respond to your enquiry. We do not add contact form submissions to marketing lists, and we do not share your details with third parties.
Client engagement materials are used solely for the purpose of delivering the agreed advisory services. We do not use client materials for any other purpose, and we do not share client materials with any third party without explicit written consent.
De-identified work samples: We occasionally use fully de-identified examples of past work to illustrate approaches and outcomes to prospective clients. When we do this, all identifying information is removed: client name, branding, colours, committee names, individual names and any other information that could identify the source organisation. The purpose is to demonstrate what good governance practice looks like, not to disclose anything about a specific client.
The protection of client information is central to our professional reputation and our obligations as a cyber governance advisor. We apply the following controls:
As a sole practitioner, the risk surface is limited: there is no staff access to manage, no shared network drives, and no complex access control matrix. This simplicity is a security advantage, and we maintain it deliberately.
Business continuity: As a governance and cyber advisor, we recognise that no set of preventative controls eliminates risk entirely. Our approach reflects the same principle we advise our clients to adopt: find the right balance between preventative controls and recovery controls. Our business continuity process is designed to fail gracefully. It includes multiple independent backup systems and alternative technology providers to address data and technology disruption, a crisis response and communications process, and a recovery plan focused on restoring our ability to deliver for clients as quickly as possible.
This website does not use tracking cookies or advertising cookies. Cloudflare may set a strictly necessary security cookie (__cf_bm) to manage bot protection. This cookie does not track your browsing activity and expires at the end of your session.
This website is hosted on Cloudflare Pages. Contact form submissions are processed by a Cloudflare Worker and delivered via Resend (a transactional email service).
Our primary business productivity and email platform is Microsoft 365, hosted by Microsoft in Australian data centres. Client documents and communications are stored and processed within this environment.
All third-party services are selected with regard to their data handling practices, security posture, and compliance with relevant Australian and international standards. We do not use any third-party analytics, advertising, or tracking services beyond Cloudflare Web Analytics.
We do not sell, trade, rent or otherwise disclose your personal information or client materials to third parties. Information may be disclosed where required by Australian law, regulation or court order.
In the event of a data breach involving personal information that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988.
For breaches involving client engagement materials that do not constitute personal information under the Act, we will notify the affected client directly and promptly, and work with them to assess and mitigate any impact.
You have the right to request access to any personal information we hold about you, and to request correction of any information that is inaccurate, incomplete or out of date. To make a request, please contact us using the details below.
If you believe we have breached the Australian Privacy Principles, you may lodge a complaint with us directly. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner.
Wilk Advisory uses AI tools in the creation of website content, insights articles, and client-facing materials.
Every insight, argument, and position published under the Wilk Advisory name is Jason Wilk's own: drawn from over two decades of governance practice, client work, and experience in boardrooms and organisations across Australia. The ideas, the judgements, and the professional reputation behind them are entirely human.
What AI contributes is craft: language, structure, fact-checking, and the kind of editorial discipline that turns a practitioner's thinking into clear, readable content. The substance is human. AI helps express it clearly.
This is a partnership, not a shortcut. Nothing is published that could not be defended in a boardroom without notes.
We believe transparency about AI use is itself a governance practice. Individual insights articles carry a specific disclosure. This section serves as the overarching statement for all content published on this website.
We may update this policy from time to time to reflect changes in our practices or legal requirements. The "last updated" date at the top of this page indicates when the policy was most recently revised. We encourage you to review this policy periodically.
If you have any questions about this privacy policy or how we handle your information, please contact:
Jason Wilk
Managing Director, Wilk Advisory