It’s Australian Privacy Awareness week (May 13 to 20) and the theme is “From Principles to Practice”.
If your organisation deals with personal data, you will know that storing and using this data involves benefits and risks. Perhaps the most damaging is reputational risk. If you lose a client’s information, will they trust you again? A notorious recent example is the loss of 12 million customers’ bank statements held by the Commonwealth Bank.
This year, the Notifiable Data Breaches Scheme came into effect under the Commonwealth Privacy Act. This requires that Australian government agencies and organisations covered by the Privacy Act must notify individuals and the Commissioner about ‘eligible data breaches’. An eligible data breach occurs when:
- There is unauthorised access to or disclosure of personal information (or information is lost in circumstances where unauthorised access or disclosure is likely to occur),
- This is likely to result in serious harm to any of the individuals to whom the information relates, and
- The entity has been unable to prevent the likely risk of serious harm with remedial action.
To avoid data breaches and privacy complaints, organisations need to implement workplace privacy procedures to ensure privacy best practice. But what does this mean?
Current best practice thinking focuses on “privacy by design” and building privacy into “business as usual”. This involves proactively embedding privacy into the design and operation of your systems and practices. This approach allows organisations to innovate while safeguarding personal data.
Privacy impact assessments and privacy maturity assessments are recommended to assess your exposure and pre-empt privacy risk. Improving your response to a possible privacy breach is also important. Your leaders and managers should advocate privacy awareness to staff and privacy should be emphasised in induction training and KPIs.
Privacy breach is a financial, reputational and business risk. WEIR Consulting can help with a workplace investigation into privacy breaches, awareness training or assessment. Contact WEIR on (02) 8379 1298 or email firstname.lastname@example.org.