We are proud to be a supporter of this year’s Privacy Awareness Week (PAW). Running from 3 to 9 May, #PAW2021 promotes the responsibility that Australian Government agencies and businesses have in protecting the personal data they collect.
The Office of the Australian Information Commissioner (OAIC) reported that 38% of data breaches are attributed to human error. By prioritising staff training, organisations can reduce the risk. The OAIC has put together ten practical tips to help your organisation keep personal information safe, from building in privacy protections from the start of a new project to training your staff to be privacy-aware and prevent data breaches.
Make privacy a priority in your workplace with these simple tips
1. Prioritise staff training
If you or your staff handle personal information in your day-to-day work, make sure you take steps to protect it. Prioritise training staff on secure information handling practices and make sure they understand how personal information must be handled throughout the information lifecycle — from the collection, use and disclosure through to security and deletion.
2. Reduce the risk of data breaches caused by human error
Human error is the cause of more than one in three data breaches notified to the OAIC. That includes emailing personal information to the wrong recipient, failing to BCC on group emails, and the unintended release or publication of personal information. Reduce the risk of a human error data breach by educating staff and putting controls in place. This could include disabling the autofill function in email platforms or implementing a prompt function before staff send an email to external addresses.
3. Physically protect personal information
Physical security is an important part of ensuring personal information is protected, especially as many people continue to work remotely. Make sure screens are angled so they can’t be viewed by anyone else and lock your devices when not in use, including when you step away from your desk. Be conscious of how you store physical documents too. Don’t leave hard copy documents with personal information on your desk — put them in a suitably secure locked drawer.
4. Prepare a data breach response plan
Make sure your organisation is prepared for a data breach with a clear and practical response plan that follows four key steps: contain, assess, notify, and review. Treat each data breach or suspected data breach seriously. Breaches that may initially seem minor may be more significant once their full implications are assessed. Ensure staff understand their roles, responsibilities, and what actions they are expected to take to respond to a data breach.
5. Put secure systems in place
Regularly monitor, review, and improve your privacy practices and systems to ensure that they remain effective and appropriate for your organisation. Having strong and secure systems in place helps to protect personal information from misuse, loss or unauthorised access or disclosure.
6. Build in privacy by design
Make privacy a priority within your organisation by building it in from the start – it is more costly and difficult to do it later. Adopting a ‘privacy by design’ approach means designing your products and services to minimise, manage or eliminate privacy risks. You should also embed good privacy practices into internal systems and processes.
8. Undertake a privacy impact assessment
Undertake a privacy impact assessment (PIA) for projects that can put individual or customer privacy at risk. A PIA is an essential tool for protecting privacy, identifying solutions, and building trust. It identifies the potential impact of a new project or process and how to manage, mitigate or eliminate privacy risk.
9. Only collect the information you need
The collection of personal information is an important part of the public health response to COVID-19. Agencies and businesses should limit the information they collect to the minimum amount necessary. Ensure that the information you collect is only used and disclosed for the intended purpose and that you are taking reasonable steps to protect this information.
10. Making privacy a priority comes from the top
A strong leadership commitment to a culture of privacy is reflected in good privacy governance. This can improve business productivity and help to develop more efficient business processes. Good privacy governance will help your organisation manage both the risk of a privacy breach and your response. Have a Privacy Management Plan in place and use our resources to assess your privacy practices and set goals and targets.
PAW is led by the Office of the Australian Information Commissioner (OAIC) in partnership with state and territory privacy regulators and the Asia Pacific Privacy Authorities forum. Find more tips on the OAIC’s PAW website.