Five privacy priorities for businesses

Hayden Delaney, Steven Hunwicks, and Verity Stone / 16 May 2019

12-18 May 2019 is Privacy Awareness Week!  

HopgoodGanim’s Intellectual Property & Technology team have put together a few notes on the five privacy priorities for Australian businesses:

1. Data breaches

Australia's notifiable data breaches scheme requires organisations regulated by the Privacy Act 1988 to notify individuals who are put at risk of serious harm due to a data breach.

Privacy Awareness Week is a good time to:

  • verify your business’ data breach response plan is up to date  
  • review your privacy practices and policies 
  • educate your team about their information handling obligations 

2. Online security

The Australian Cyber Security Centre publishes “The Essential Eight”, a prioritised list of mitigation strategies to help organisations protect their systems against a range of cyber-adversaries.

3. Credit reporting and credit information

Did you know - if your business provides credit terms of seven days or longer, the Privacy Act requires it to have and publish a credit reporting policy. Is your credit reporting policy up-to-date and on your website?

4. Sensitive information

Higher legal standards apply to the collection, storage and disclosure of sensitive information including health information and government identifiers such as tax file numbers (TFNs).

Did you know - Where an employer suffers a privacy breach in relation to TFNs which it holds, the employer may have obligations under the notifiable data breaches scheme even where they are not otherwise regulated by the Privacy Act.

5. Protecting data

Is your organisation still holding copies of job applicant CVs or customer information collected years ago? The Privacy Act requires organisations to protect personal information they hold from misuse, interference or loss and from unauthorised access, modification or disclosure. It also requires that, once the information is no longer needed, the organisation destroy or de-identify personal information they hold (unless an exception applies).

Does your business turn over $3 million/year but not yet have a privacy policy? Or does your existing privacy policy mention the Privacy Amendment (Private Sector) Act 2000 or the National Privacy Principles? It is time to review your privacy policy!

What does this mean for your business?

If your business deals in personal information, or if safely handling personal information is essential to your business’ functions and activities, these privacy priorities are about more than simply ensuring your business complies with its obligations under the Privacy Act. 

Mishandled information can cause financial or reputational loss to your customer. In turn, this can also lead to a loss of trust and considerable harm to your business’ reputation. A significant data breach - or an inadequate response - could mean your business suffers a loss of customers, business partners or revenue. For example, Ponemon’s 2017 Cost of Data Breach Study: Australia identified the average data breach cost for a company is $2.51 million.

Having in place good data privacy and information security policies and practices can help your business be more efficient, reduce its risk of suffering a privacy breach and shorten the time and impact of responding to a data breach, if one should occur. 

If you’re ready to get started but don’t know where to start, HopgoodGanim Lawyers’ Intellectual Property & Technology team can help.

Authors
Hayden Delaney
Partner
Hayden is a Partner and he leads HopgoodGanim’s Intellectual Property and Technology team. Hayden specialises in the information, communications and technology sector, and intellectual property law.
Steven Hunwicks
Senior Associate
Steven is a Senior Associate in our Intellectual Property and Technology practice.
Verity Stone
Senior Associate
Verity is a Senior Associate in our Intellectual Property and Technology practice.