Privacy Awareness Week (PAW) is an annual event that highlights the importance of protecting personal information and helps organisations, agencies and the public navigate the privacy landscape.
PAW NSW takes place from May 2 - 8 2022 with the theme of 'Privacy: The foundation of trust', which aims to improve understanding and awareness of NSW privacy legislation.
A recent survey commissioned by the Office of the Australian Information Commissioner (OAIC) identified growing trends and concerns on topics such as:
- Data practices,
- Privacy reform,
- Children’s privacy, and
- COVID-19 from the Australian public.
The Australian Community Attitudes to Privacy Survey 2020 identified that privacy has become more important to Australians in recent years, yet individuals are losing trust in how businesses are protecting their data.
Key findings included:
- 70% of Australians see the protection of our personal information as a major concern.
- 84% of Australians consider privacy extremely important when choosing a digital service.
- 87% of Australians want more control and choice over the use of their personal information.
The Privacy Act defines personal information as 'information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.’
So, why are strong privacy foundations important in business?
As the term 'personal information' encompasses a broad range of data, it is important that Australian businesses are aware of their privacy obligations and have practices in place to protect the personal information of the people they serve.
Strong privacy practices not only help businesses build and maintain trust with customers and key stakeholders, but in turn demonstrates responsibility, transparency and care in the data entrusted to them in the digital economy.
The fundamentals of a strong privacy foundation
Businesses can ensure they are building privacy into their products and services from inception by following a few simple steps.
1. Know your obligations
As expectations from customers and the wider community on how businesses handle personal information and respond to their concerns continue to increase, it is critical that businesses understand obligations under the Privacy Act and keep up to date with changes in privacy and legal obligations.
Policies and procedures are one of the most critical tools in setting expectations on how personal information must be handled by your employees.
A detailed policy that covers how to safely handle, store, and access sensitive data ensures that your employees are informed of their obligations under the Privacy Act too.
Review your privacy practices and policy regularly. Make sure they meet community expectations, comply with the law, remain relevant to current practices and address new risks.
2. Review, prepare and limit privacy risks
As it goes for any cyber threat, preparation and protection are key. Routinely reviewing risks and enhancing privacy protection strategies against best practices is crucial for Australian businesses to ensure their personal data remain protected.
Data breaches are now a case of 'when' not 'if', and we urge all businesses to implement a clear and detailed data breach response plan to prepare for and respond to data breaches in line with obligations under the Privacy Act.
We also recommend detailed risk assessments be completed on a routine basis, particularly for projects that involve new processes or technologies.
Investing in a relationship with a trusted technology provider can ensure that your cyber defences are fit for purpose and align with best practices to protect your business's personal data from malicious threats.
3. Train your employees and build a culture of privacy protection
Cyber Security Awareness Training, with a particular focus on privacy protection, raises employee knowledge on how to safely access, handle, and identify potential threats against personal information.
Reputable Cyber Security Awareness Training courses educate employees about threats against personal information they may be subjected to every day, giving them the skills they need in order to take appropriate action against them.
Ongoing training ensures your entire business is aware of privacy and security obligations.
Technology and skills support for small business
Designed to encourage small businesses to upgrade their digital capabilities and invest in new technologies, the new Technology Investment Tax Boost allows eligible businesses to claim "a bonus 20% deduction for the cost of expenses and depreciating assets, such as portable payment devices, cyber security systems, and subscriptions to cloud-based services."
The Technology Investment Boost will be critical in empowering small businesses to get serious about Cyber Security, allowing them to review and adopt enhanced cyber security measures such as malware detection, mitigation, and response.
We recommend talking to your accountant or financial advisor to learn more about the recent budget announcement and how you can take advantage of the tax boosts available to enhance the privacy and cyber security practices of your business.
How Diamond IT can help ensure your privacy practices stack up
The Diamond IT team specialise in reviewing cyber security strategies, including privacy foundations, to ensure they are fit for purpose, align with government recommendations, and include the necessary defences required to best protect your business data from privacy breaches and malicious threats.
Our Business Technology Managers (BTMs) and Business Technology Consulting team are specialists in improving your internal cybersecurity and are ready to speak with you. Contact our team on 1300 307 907 today.