Take steps to make privacy a priority
Alliance Business Technologies
This week the Office of the Australian Information Commissioner (OAIC) has launched the Privacy Awareness Week 2021 campaign to help individuals and businesses to make good privacy decisions and protect their personal information when online.
Our personal information is valuable and worth protecting. But if you don’t know how, you are not alone. Even though most Australians (85%) have a clear understanding of why they should protect personal information, 49% don’t know how to go about it. Many aren’t doing enough to safeguard their privacy due to lack of time, knowledge and the perceived difficulty of the process.
Below are the OAIC’s top 10 steps for protecting your business information that you can take right now.
1. Prioritise staff training
If you or your staff handle personal information in your day-to-day work, make sure you take steps to protect it. Prioritise training staff on secure information handling practices and make sure they understand how personal information must be handled throughout the information lifecycle, from collection, use and disclosure through to security and deletion.
2. Reduce the risk of data breaches caused by human error
Human error is the cause of more than one in three data breaches notified to the OAIC. That includes emailing personal information to the wrong recipient, failing to BCC on group emails, and the unintended release or publication of personal information. Reduce the risk of a human error data breach by educating staff and putting controls in place. This could include disabling the autofill function in email platforms or implementing a prompt function before staff send an email to external addresses.
3. Physically protect personal information
Physical security is an important part of ensuring personal information is protected, especially as many people continue to work remotely. Make sure screens are angled so they can’t be viewed by anyone else and lock your devices when not in use, including when you step away from your desk. Be conscious of how you store physical documents too. Don’t leave hard copy documents with personal information on your desk — put them in a suitably secure locked drawer.
4. Prepare a data breach response plan
Make sure your organisation is prepared for a data breach with a clear and practical response plan that follows four key steps: contain, assess, notify and review. Treat each data breach or suspected data breach seriously. Breaches that may initially seem minor may be more significant once their full implications are assessed. Ensure staff understand their roles, responsibilities and what actions they are expected to take to respond to a data breach.
5. Put secure systems in place
Regularly monitor, review and improve your privacy practices and systems to ensure that they remain effective and appropriate for your organisation. Having strong and secure systems in place helps to protect personal information from misuse, loss or unauthorised access or disclosure. See the OAIC’s guide to securing personal information to understand why it matters and how to achieve it. If you are unsure whether your business is IT security compliant, please contact us to learn more.
6. Build in privacy by design
Make privacy a priority within your organisation by building it in from the start – it’s more costly and difficult to do it later. Adopting a ‘privacy by design’ approach means designing your products and services to minimise, manage or eliminate privacy risks. In addition, embed good privacy practices into internal systems and processes.
8. Undertake a Privacy Impact Assessment
Undertake a privacy impact assessment (PIA) for projects that can put individual or customer privacy at risk. A PIA is an essential tool for protecting privacy, identifying solutions and building trust. It identifies the potential impact of a new project or process and how to manage, mitigate or eliminate privacy risk. Our Guide to undertaking privacy impact assessments features a step-by-step tool to help you complete a PIA.
9. Only collect the information you need
The collection of personal information is an important part of the public health response to COVID-19. Agencies and businesses should limit the information they collect to the minimum amount necessary. Ensure that the information you collect is only used and disclosed for the intended purpose, and that you are taking reasonable steps to protect this information. Get more privacy tips at our COVID-19 advice hub.
10. Making privacy a priority comes from the top
A strong leadership commitment to a culture of privacy is reflected in good privacy governance. This can improve business productivity and help to develop more efficient business processes. Good privacy governance will help your organisation manage both the risk of a privacy breach, and your response. Have a Privacy Management Plan in place and use our resources to assess your privacy practices and set goals and targets.
As your Managed Services Provider, we are always here to answer any questions or concerns you may have regarding the protection and privacy of your online data. If you would like to talk to someone, or find out more about our IT security services and assessments available, please contact us today.
Source: Office of the Australian Information Commissioner (2021, May 4). Privacy Awareness Week 2021. Retrieved from Privacy Awareness Week – Tips to protect personal information at work (oaic.gov.au)