
Rapid Global is a proud supporter of Privacy Awareness Week

We are proud to be a supporter of this year’s Privacy Awareness Week (PAW). Running from 3 to 9 May, #PAW2021 promotes the responsibility that Australian Government agencies and businesses have in protecting the personal data they collect.

The Office of the Australian Information Commissioner (OAIC) reported that 38% of data breaches are attributed to human error. By prioritising staff training, organisations can reduce the risk. The OAIC has put together ten practical tips to help your organisation keep personal information safe, ranging from building in privacy protections at the start of a new project to training your staff to be privacy-aware and prevent data breaches.

Make privacy a priority in your workplace with these simple tips

1. Prioritise staff training

If you or your staff handle personal information in your day-to-day work, make sure you take steps to protect it. Prioritise training staff on secure information handling practices and make sure they understand how personal information must be handled throughout the information lifecycle — from the collection, use and disclosure through to security and deletion.

2. Reduce the risk of data breaches caused by human error

Human error is the cause of more than one in three data breaches notified to the OAIC. That includes emailing personal information to the wrong recipient, failing to BCC on group emails, and the unintended release or publication of personal information. Reduce the risk of a human error data breach by educating staff and putting controls in place. This could include disabling the autofill function in email platforms or implementing a prompt function before staff send an email to external addresses.

3. Physically protect personal information

Physical security is an important part of ensuring personal information is protected, especially as many people continue to work remotely. Make sure screens are angled so they can’t be viewed by anyone else and lock your devices when not in use, including when you step away from your desk. Be conscious of how you store physical documents too. Don’t leave hard copy documents with personal information on your desk — put them in a suitably secure locked drawer.


4. Prepare a data breach response plan

Make sure your organisation is prepared for a data breach with a clear and practical response plan that follows four key steps: contain, assess, notify, and review. Treat each data breach or suspected data breach seriously. Breaches that may initially seem minor may be more significant once their full implications are assessed. Ensure staff understand their roles, responsibilities, and what actions they are expected to take to respond to a data breach.

5. Put secure systems in place

Regularly monitor, review, and improve your privacy practices and systems to ensure that they remain effective and appropriate for your organisation. Having strong and secure systems in place helps to protect personal information from misuse, loss or unauthorised access or disclosure.

6. Build in privacy by design

Make privacy a priority within your organisation by building it in from the start – it is more costly and difficult to do it later. Adopting a ‘privacy by design’ approach means designing your products and services to minimise, manage or eliminate privacy risks. You should also embed good privacy practices into internal systems and processes.

7. Review your privacy policy

Australians are more likely to trust a website or service if they have read the privacy policy, but less than a third of us read them because they are too long and complex. Think about your audience when creating a privacy policy: use standard, simple language and include a plain English summary at the start. Remember to review the policy regularly and update it when your privacy practices change.

8. Undertake a privacy impact assessment

Undertake a privacy impact assessment (PIA) for projects that can put individual or customer privacy at risk. A PIA is an essential tool for protecting privacy, identifying solutions, and building trust. It identifies the potential impact of a new project or process and how to manage, mitigate or eliminate privacy risk.

9. Only collect the information you need

The collection of personal information is an important part of the public health response to COVID-19. Agencies and businesses should limit the information they collect to the minimum amount necessary. Ensure that the information you collect is only used and disclosed for the intended purpose and that you are taking reasonable steps to protect this information.

10. Making privacy a priority comes from the top

A strong leadership commitment to a culture of privacy is reflected in good privacy governance. This can improve business productivity and help to develop more efficient business processes. Good privacy governance will help your organisation manage both the risk of a privacy breach and your response. Have a Privacy Management Plan in place and use our resources to assess your privacy practices and set goals and targets.

PAW is led by the Office of the Australian Information Commissioner (OAIC) in partnership with state and territory privacy regulators and the Asia Pacific Privacy Authorities forum. Find more tips on the OAIC’s PAW website.
