Privacy Awareness Week is upon us, from the 15th-21st of May 2016. This week serves as an important reminder to businesses, organisations, enterprises and individuals that they must control the management of private information and prioritise maintaining the best practice of handling personal information. The theme of this year’s Privacy Awareness Week is “Privacy in your hands”, speaking to businesses taking ownership of how they handle a client’s personal information. How can your business remain compliant when managing personal information where technology advancements require constant re-evaluation of privacy management. Below we set out four tips on how you can protect your client database and other sensitive information.
1. Planning and Governance
The duty of privacy management should form part of the strategic planning of any organisation. Businesses should manage privacy within all projects, products and practices. It’s important to consider the following tips to ensure that you are compliant with the Privacy Act 1988 (Privacy Act) and Australian Privacy Principles.
- Which employee is responsible for privacy planning?
- Plan for privacy for upcoming projects.
- Be selective about the information you need to collect and when and how it should be accessed.
- Keep all personal information secure.
- Have a data breach response plan in place. This is where personal information held is lost or stolen.
- What personal information you will collect from your clients;
- How your business will use personal information;
- How and when you will collect and disclose personal information;
- How you will store personal information;
- Acknowledge the rights of your customers to access their personal information; and
- Describe what happens if the information collected is no longer accurate.
Privacy Week is the opportune time to communicate to your staff how they handle personal business and client information. Ensure employment and contractor agreements have a privacy clause so that employees don’t misuse or disclose staff, client information and trade secrets after employment has ceased. This is careful planning and should rest with your human resources representative.
4. Data Breach Plan
Data breaches are becoming increasingly common in this technology age. Your business’ greatest asset is your client database so it’s important to have an action procedure in place should a data breach occur. As data breaches cannot be predicted there are four key steps to managing a breach:
- Contain the breach: This may involve closing or shutting down the system to prevent further records from being misused.
- Determine the risk of the breach: What information has been compromised? Who does this breach affect?
- Notify: Determine if individuals require notification, to prevent serious harm to the individual. This includes reporting to the authorities and agencies to which the information has a direct relationship.
- Prevent future breaches: As a result of a direct breach, there should be a review of policies and procedure to staff and a security audit of data.
4. Responsibility of Clients