Five privacy priorities for businesses
12-18 May 2019 is Privacy Awareness Week!
HopgoodGanim’s Intellectual Property & Technology team has put together a few notes on the five privacy priorities for Australian businesses:
Australia's notifiable data breaches scheme requires organisations regulated by the Privacy Act 1988 to notify individuals who are put at risk of serious harm due to a data breach.
Privacy Awareness Week is a good time to:
The Australian Cyber Security Centre publishes “The Essential Eight”, a prioritised list of mitigation strategies to help organisations protect their systems against a range of cyber-adversaries.
Did you know - if your business provides credit terms of seven days or longer, the Privacy Act requires it to have and publish a credit reporting policy. Is your credit reporting policy up-to-date and on your website?
Higher legal standards apply to the collection, storage and disclosure of sensitive information including health information and government identifiers such as tax file numbers (TFNs).
Did you know - where an employer suffers a privacy breach in relation to TFNs which it holds, the employer may have obligations under the notifiable data breaches scheme even where it is not otherwise regulated by the Privacy Act.
Is your organisation still holding copies of job applicant CVs or customer information collected years ago? The Privacy Act requires organisations to protect personal information they hold from misuse, interference or loss and from unauthorised access, modification or disclosure. It also requires that, once the information is no longer needed, the organisation destroy or de-identify personal information they hold (unless an exception applies).
If your business deals in personal information, or if safely handling personal information is essential to your business’ functions and activities, these privacy priorities are about more than simply ensuring your business complies with its obligations under the Privacy Act.
Mishandled information can cause financial or reputational loss to your customer. In turn, this can also lead to a loss of trust and considerable harm to your business’ reputation. A significant data breach - or an inadequate response - could mean your business suffers a loss of customers, business partners or revenue. For example, Ponemon’s 2017 Cost of Data Breach Study: Australia identified that the average data breach cost for a company is $2.51 million.
Having in place good data privacy and information security policies and practices can help your business be more efficient, reduce its risk of suffering a privacy breach and shorten the time and impact of responding to a data breach, if one should occur.