Make Privacy A Priority: Privacy Awareness Week in 2021

Privacy Awareness Week (PAW) takes place in the first week of May each year. This year’s PAW starts on Monday May 3, 2021 and runs for the week. It’s a great opportunity for privacy professionals to push the privacy message, supported by a range of events plus a special kit of resources released by the OAIC (available to PAW supporters). This year’s theme is ‘Make Privacy a Priority’. This blog post will explore the theme, looking at what it means for Australian organisations, and link to some of our favourite privacy resources!


Privacy108 on The Theme: Make Privacy a Priority

Many organisations in Australia don’t fall under the Australian Privacy Act, the General Data Protection Regulation (GDPR), the California Privacy Rights Act (CPRA), or any of the myriad other privacy laws currently in existence. But that doesn’t mean privacy doesn’t impact those organisations.

In fact, the opposite is true.

Every Australian organisation should focus on making privacy a priority. According to the OAIC’s 2020 study into attitudes towards privacy, privacy is a major concern for 70% of Australians, and almost 9 in 10 want more choice and control over their personal information.  Data breaches can also be costly and impact consumer trust.

Moreover, consumers are increasingly relying on businesses to lead the charge on societal change. The Edelman Trust Barometer Report asserts that 72% of consumers strongly believe that CEOs should take the lead on societal issues rather than waiting for the Australian Government to implement change.

Employers Need to Prioritise a Culture of Privacy

The Edelman Trust report highlights that employers are now seen as one of the most trusted institutions in Australia – with trust in employers prevailing over trust in the media. This translates to a need for employers and organisational leaders to develop and embed a culture that makes privacy a priority. This includes giving employees the skills they need to protect their own and consumer personal information.

It also means taking care when considering how employees’ own data is being collected and processed.

The resources made available during this year’s Privacy Awareness Week are a great starting point.

10 Ways to Make Privacy a Priority at Your Organisation in 2021

These are the ten tips for making privacy a priority at work being shared for this year’s Privacy Awareness Week:

1.     Prioritise Staff Training.

Privacy108 is a leading provider of privacy consulting services and workplace privacy training. We have an extensive database of existing privacy content that might be useful to you or your team including:

  • Introduction to the Australian Privacy Act
  • Introduction to the GDPR and implications for Australian organisations
  • Privacy issues for marketing teams
  • Privacy issues for front line staff
  • The Australian Privacy Principles
  • Data breach notification obligations
  • Developing a data breach response capability
  • Phishing, ransomware and malware
  • Security issues for privacy professionals.

We are also happy to develop content specifically to meet your organisational needs.

We supplement our in-house developed content with some of the leading computer-based security and privacy awareness training programs, including the suite of solutions offered by KnowBe4.

Our team has expansive knowledge and experience consulting on the technological and legal aspects of privacy.  For practical advice and/or training that will uplift privacy maturity at your organisation, get in touch.

2.     Reduce the Risk of Data Breaches Caused by Human Error.

Every organisation will have a data breach of some sort, at some time, regardless of how extensive its security protections are.  To help respond effectively, it is essential to have a data breach response capability. It should include the capacity to efficiently and effectively identify and respond to data breaches involving personal data.  Timely and effective response can significantly reduce the potential harm caused by data breaches and the damage that can be done to organisational reputation.

Again, training and awareness play a critical role in minimising the risk of data breaches resulting from human error.

3.     Physically protect personal information.

Paper records, including printouts of reports and reviews, and customer files are often overlooked when thinking about data breaches, even though some of the most common data breaches are the result of issues with the proper storage or destruction of physical records.

Physical records should be carefully stored so they can’t be accessed by unauthorised individuals. Ensure your security measures and data minimisation practices contemplate the physical records you hold.

Don’t forget physical security: it’s easy to have a peek at a file left on a desk or at a colleague’s screen in an open plan office environment. Make sure you’ve got a strategy if a device (like your phone or laptop) is lost. Consider: how easy will it be for someone to access your apps and other personal data?

Working from home has dramatically changed the way that work is done and new controls may need to be considered as part of the physical protections for personal information.

4.     Prepare a data breach response plan.

In today’s digital climate, you need to approach data breaches with a ‘when’, not ‘if’ mentality. Your organisation should prepare and stress test its data breach response plan long before any data breach occurs.

Privacy108 are experts in data breach response, helping you prepare for a data breach and supporting you through the response process.

We can also give you the skills you need to be able to build your data breach response capability. The CISM training session we have scheduled from 28 – 30 June covers incident management as one of the four domains included in the CISM body of knowledge.

5.     Put secure ICT systems in place.

All privacy professionals need to work closely with their information security colleagues to make sure that security controls are in place, to not only protect personal data but to provide evidence of that protection.

Our CISM course scheduled in June can help privacy professionals understand the most important aspects of information security management, and build a bridge with the information security team.

Other ways of building your security knowledge include accessing the free content available online. We love these podcasts and vlogs that discuss cybersecurity and privacy. Check them out:

6.     Build in privacy by design.

Privacy by design is required by the GDPR and strongly supported by the OAIC and most other regulators.

‘Privacy by design’ is a process for embedding good privacy practices into the design specifications of technologies, business practices and physical infrastructures. This means building privacy into the design specifications and architecture of new systems and processes.

The premise of privacy by design is that it is more effective and efficient to manage privacy risks proactively, rather than to retrospectively alter a product or service to address privacy issues that come to light.

Table outlining Privacy by Design principles

Our blog schedule includes a post on privacy by design in the near future, so stay in touch!

7.     Review your privacy policy.

Read our 5 tips for developing an effective privacy policy here.

8.     Undertake a privacy impact assessment.

Privacy Impact Assessments (PIAs) are used by organisations looking to understand and evaluate privacy risk. PIAs allow you to continually assess, analyse, and manage privacy risk and privacy challenges in your organisation.  The benefits of embedding PIAs into your business operations include:

  • Compliance with privacy laws.
  • Improved internal privacy and information security frameworks. 
  • Transparency and increased public trust and confidence.
  • Reduced risk of future costs from legal exposure and/or reputational damage.
  • Better internal processes. 
  • Improved information management. 
  • A strengthened culture of privacy. 
  • Increasing staff and community awareness of privacy issues. 

9.     Only collect the information you need.

Read more about data minimisation in practice here.

10.     Make privacy a priority with input from the top.

This last point highlights that succeeding in developing a culture of privacy at any organisation requires commitment from the organisation’s leaders.

You can see more from the OAIC and its tips on how to make privacy a priority at work here.

Additional Privacy Resources to Help Your Organisation Make Privacy a Priority

Here are some additional privacy resources we find valuable:

The Privacy Pros Podcast

The Serious Privacy Podcast

The Privacy Kitchen YouTube Channel

Informm Blog

 
