How solid are your privacy foundations?
This week, Maddocks privacy specialists across all three offices will be bringing you a series of articles, podcasts, tips and more, inspired by the 2022 theme 'Privacy: The foundation of trust'.
This Privacy Awareness Week, we have been inspired by the OAIC’s campaign to check how well your privacy practices stack up. Your personal information is extremely valuable. It’s your identity, the foundations of who you are. Protect it. If you’re a business or government agency that’s been entrusted with personal information, it’s critical that you handle it with integrity and care.
In this article, Partner Sonia Sharma gives you her top tips for building solid privacy foundations as a private sector organisation.
I am passionate about helping organisations build strong foundations for managing privacy. It's a huge responsibility to be trusted with the personal information of your customers, staff and other stakeholders. Privacy needs to be actively managed: it's a whole-of-business concern and a Board issue, and creating a privacy culture that enables privacy compliance has huge business benefits in the short and long term. We work with clients to create proactive privacy management frameworks so that the challenges of data breaches and the excitement of launching a new innovative product can be managed with confidence. Having those building blocks in place is critical. Here are my top tips: the questions private organisations should be asking to test their privacy foundations.
Australians want more protection
have a clear understanding of why we should protect our personal information.
believe personal information should not be used in a way that causes harm, loss or distress.
see the protection of our personal information as a major concern.
consider privacy extremely or very important when choosing a digital service.
want more control and choice over the use of our personal information.
believe children must be empowered to use online services, but their data privacy must be protected.
Your Privacy checklist – how strong are your foundations?
|Are privacy and cybersecurity a Board concern? ASIC makes it clear, given the magnitude and prominence of privacy and cyber risk for most organisations, that informed oversight of risk involves the Board being satisfied privacy and cyber risks are adequately addressed by the risk management framework of the organisation.|
|Is your data breach response plan regularly reviewed and kept up to date for the latest market and regulatory developments such as the increased prevalence of ransomware attacks and new legislative obligations?|
|Do you have a privacy management plan to embed a culture of privacy, establish robust and effective privacy practice, implement procedures and systems, evaluate what you are doing and enhance your response? We are still seeing many private sector organisations operating without a clear privacy framework and plan.|
|Do you have appointed privacy and cyber champions within the business? These issues are a whole of business concern and not merely the responsibility of IT or legal!|
|Do you provide regular training and education which is ‘fit for purpose’ at all levels, from front line staff (such as phishing email campaigns) to the executive and the Board (e.g. running table top and hypothetical scenarios)?|
|How do you monitor and stay on top of the latest developments and trends?|
|When was the last time you conducted a data mapping exercise to understand the personal information you actually hold and how it is collected, used, disclosed and handled? Trust is critical, but how can you manage risks if you don't have a very clear picture of your organisation's data flows? Many organisations still do not have a clear data map of the information they hold.|
About the author
Sonia Sharma is a published authority and privacy and data specialist with a strong and rapidly growing privacy and data practice. She also helps to chair the Maddocks national Privacy Network. Sonia is a recognised privacy expert and is listed as a '5 Star Cyber Lawyer' by Australasian Lawyer and a Next Generation Partner by Legal500 in their Data Protection category.
Sonia has led large-scale privacy transformation projects for private sector clients, ASX-listed entities and big-name brands who trust Sonia with their privacy needs. She is known for leading large-scale data breach response and conducting significant privacy impact assessment projects. She has worked collaboratively with clients to implement privacy governance, frameworks, policies and procedures. Sonia regularly presents to clients and Boards on privacy.