This Privacy Awareness Week we're issuing a call to go "back to basics"

Privacy Awareness Week: Back to Basics

The theme for this year’s Privacy Awareness Week, organised by the Office of the Australian Information Commissioner (OAIC), is ‘back to basics.’

The message behind the theme is that while our information and technology landscape has become a lot more complicated, privacy remains fundamental, and there are key, simple steps to take to protect it.

CRM Brokers is proud to be supporting Privacy Awareness Week and helping to promote good privacy practices.

Privacy is integral to building and maintaining the community’s trust in our handling of their personal information.

Protecting the privacy of people’s personal information is fundamental. The OAIC have put together 10 tips for businesses and other organisations to apply to keep personal information safe.

Know your obligations

Make sure your organisation is getting privacy right. That means understanding your obligations under the Privacy Act, and considering privacy as your business, or your business systems or practices, evolve. Don’t just ‘tick the boxes’: step up to customer and community expectations.

Assess privacy risks

Assess privacy risks early. Undertake a privacy impact assessment for projects that involve new information handling practices, such as new technologies. This can help facilitate a privacy-by-design approach, identify better privacy practices and ensure compliance with the Privacy Act.

Simplify your privacy policy

Make sure your privacy policy is written in plain language, includes a summary, and is specific to your business or organisation. Don’t treat it as a legal document to manage legal risk. It should be a document that informs, and creates trust.

Have a privacy plan

Make sure you have a privacy management plan in place, to help embed a culture of privacy and establish robust privacy practices. Check out the OAIC template if you need a hand setting your privacy goals and targets.

Only collect (or keep) what you need

Minimise privacy risks by reviewing your products, services, and internal systems and processes to ensure that you’re only collecting the personal information you need. Ensure that information that is no longer needed is destroyed or de-identified.

Train your staff

Clearly outline how staff are expected to handle personal information in their everyday duties. Make it real, and relevant. Integrate privacy into your induction and regular staff training programs – including for short-term staff, service providers and contractors.

Appoint privacy champions

A strong privacy culture comes from the top. Assign a senior staff member with overall responsibility for privacy, as well as appointing staff responsible for managing privacy day-to-day.

Secure personal information

Ensure secure systems are in place to protect personal information from misuse, loss and unauthorised access and disclosure. This protects both your business, and the people you deal with – as well as being a requirement of the Privacy Act.

Prepare for data breaches

Have a clear and practical data breach response plan at hand so staff know what to do if there is a data breach. It should outline your strategy for containing, assessing and managing the incident from start to finish. Regularly review and test it.

Review your practices

Good privacy management means being proactive, and anticipating future challenges. By continually improving your privacy processes, you will ensure you are responsive to new privacy issues and that implementation will not be a burden. Be ahead – not behind!

Stay Smart – Act Now

A cyber insurance policy should be part of every successful business’s risk management framework. Cyber Insurance should be your last line of defence when it comes to preparing for a cyber-attack. In fact, insurers expect businesses to have a number of risk mitigation strategies in place. These strategies can reduce your premium on a cyber policy.

These include up-to-date anti-virus and anti-spam tools and system backups that are regularly tested. Rigid protocols around passwords are also essential. Staff training to ensure employees understand what a cyber-attack or threat is and how to prevent one is also essential.

There is no such thing as an impenetrable system; this is why, in today’s digital age, Cyber Insurance is a must for your business to mitigate your exposure in the event of a cyber-attack. Don’t wait until it’s too late – obtain a Cyber Insurance quote online.

If you have any further questions regarding Cyber Insurance and how it can protect your business, contact CRM Brokers on 1300 880 494.

Important Notice

This article provides information rather than financial product or other advice. The content of this article, including any information contained in it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to before acquiring the product.

Information is current as at the date the article is written as specified within it but is subject to change. CRM Brokers make no representation as to the accuracy or completeness of the information. Various third parties have contributed to the production of this content. All information is subject to copyright and may not be reproduced without the prior written consent of CRM Brokers and Steadfast Group Limited.