Privacy legislation compliance: key challenges and how to overcome them

Most people aren’t completely aware of just how much of their personal information is gathered and stored by organisations they may never have heard of or may have quickly forgotten about.

For example, when applying for a job, people often provide a great deal of personal information that would make it easy for hackers to steal their identity. That information is often managed by third-party recruitment companies rather than the company at which the individual is applying for the job.

Recruitment companies tend to keep people’s details for future reference, since the job market is fluid and people tend to move on at regular intervals. However, the individuals applying for jobs may quickly forget that they have provided that information.

This pattern can be replicated many times over with different providers, meaning the average Australian’s personal details could be spread out across dozens of organisations.

For the most part, this is relatively safe. These businesses must comply with a set of privacy principles as mandated by the Australian government, which ideally mitigate the risk of wholesale data breaches.

Australians no longer have a false sense of security

However, recent incidents have proven that until now Australians may have been enjoying a false sense of security. The government’s Notifiable Data Breaches (NDB) scheme, part of the Privacy Act 1988, came into effect in February 2018 and, since then, at least 55 breaches have been reported to the Office of the Australian Information Commissioner.

In the past, organisations may have sat quietly on knowledge of a breach. Now, with significant penalties in place for failing to notify affected individuals, businesses are taking their responsibilities more seriously.

The ramifications of a security breach include the initial damage and potential for customers and clients to have their identities compromised and their details stolen. However, the reputational effects can be severe and ongoing. Put simply, customers don’t trust organisations that can’t keep their data secure.

Given the average global cost of a data breach is estimated at around AUD $4.8 million, businesses have a significant incentive to protect themselves, and their customers, from malicious and accidental breaches.

Australia’s privacy legislation isn’t the only incentive for Australian organisations to keep data secure. Europe has now introduced its General Data Protection Regulation (GDPR), which affects every organisation in the world that does business with or collects data about European citizens.

The question for organisations becomes how to comply with this strict legislation without having to put undue pressure on organisational budgets. In other words, businesses need to balance security with spending.

Challenges for compliance

For many organisations, collecting, storing, and even protecting data isn’t the hard part. The biggest challenges, according to the International Association of Privacy Professionals, come when individuals request access to the data organisations hold about them, as is their right under privacy legislation. The three top challenges were data portability, complying with the right to be forgotten, and gathering explicit consent.

These challenges often arise because organisations don’t store a person’s data in one simple, easy-to-access file. Instead, it’s typically spread across various systems and silos. Finding all the information that pertains to a single individual could take significant manual effort and, even then, it may need to be redacted before it can be provided to the person (because it also contains information about other individuals or because it contains commercially sensitive information).

To achieve compliance with these rights, you need a blend of good processes, competent and skilled people, and appropriate technology.

As privacy and data security continue to grow in importance, how your organisation deals with these issues can become a competitive advantage. By demonstrating that your organisation is proactive and thorough in protecting people’s sensitive or private information, you can build credibility and customer trust.

After all, wouldn’t your clients rather do business with a company they feel safe with?

You can read more about how processes, people, and technology can help you comply with privacy legislation in our blog series here.

To find out how Empired can help, contact us today.

Posted by: Doug Baxter, Solution Specialist | 10 July 2018

Tags: Privacy, Security, GDPR, NDB, Privacy legislation, Privacy and compliance
