Five privacy priorities for businesses


In today's digital landscape, safeguarding sensitive information has become paramount for businesses of all sizes. As data breaches and privacy concerns continue to make headlines, prioritising privacy practices is not just a legal obligation but also a crucial aspect of maintaining trust with customers and partners. 

To assist businesses in navigating the complex terrain of privacy protection, we've curated five essential tips to fortify your data security and uphold privacy standards. Whether you're a start-up or a well-established enterprise, implementing these tips can help mitigate risks and foster a culture of trust and transparency within your organisation.

1. Data breaches

Australia's notifiable data breaches scheme requires organisations regulated by the Privacy Act 1988 to notify individuals who are put at risk of serious harm as a result of a data breach.

Three general rules apply:

  1. verify that your business’ data breach response plan is up to date;
  2. review your privacy practices and policies; and
  3. educate your team about their information handling obligations.

2. Online Security

The Australian Cyber Security Centre publishes “The Essential Eight”, a prioritised list of mitigation strategies to help organisations protect their systems against a range of cyber-adversaries.

3. Credit reporting and credit information

Did you know: If your business provides credit terms of seven days or longer, the Privacy Act requires it to have and publish a credit reporting policy. Is your credit reporting policy up-to-date and on your website?

4. Sensitive information

Higher legal standards apply to the collection, storage and disclosure of sensitive information including health information and government identifiers such as tax file numbers (TFNs).

Did you know: Where an employer suffers a privacy breach in relation to TFNs which it holds, the employer may have obligations under the notifiable data breaches scheme even where they are not otherwise regulated by the Privacy Act.

5. Protecting data

Is your organisation still holding copies of job applicant CVs or customer information collected years ago? The Privacy Act requires organisations to protect personal information they hold from misuse, interference or loss and from unauthorised access, modification or disclosure. It also requires that, once the information is no longer needed, the organisation destroy or de-identify personal information they hold (unless an exception applies).

Does your business turn over $3 million a year but not yet have a privacy policy? Or does your existing privacy policy still refer to the Privacy Amendment (Private Sector) Act 2000 or the National Privacy Principles? It is time to review your privacy policy!

What does this mean for your business?

If your business deals in personal information, or if safely handling personal information is essential to your business’ functions and activities, these privacy priorities are about more than simply ensuring your business complies with its obligations under the Privacy Act.

Mishandled information can cause financial or reputational loss to your customers. In turn, this can lead to a loss of trust and considerable harm to your business’ reputation. A significant data breach, or an inadequate response to one, could mean your business suffers a loss of customers, business partners or revenue. For example, IBM’s 2023 Cost of a Data Breach Report identified the average cost of a data breach to a company as $3.35 million.

Having in place good data privacy and information security policies and practices can help your business be more efficient, reduce its risk of suffering a privacy breach and shorten the time and impact of responding to a data breach, if one should occur.

If you’re ready to get started but don’t know where to start, HopgoodGanim Lawyers’ Intellectual Property, Technology and Cyber Security team can help.

By Steven Hunwicks & Hayden Delaney