Privacy authorities across jurisdictions joined forces to promote the importance of covering the fundamentals when it comes to protecting personal information.
To mark the start of Privacy Week, which runs from 1 to 7 May, Australia’s privacy and information commissioners issued a joint statement and called for agencies to get “back to basics” when it comes to privacy.
The joint statement was written and co-signed by Australian information commissioner and privacy commissioner Angelene Falk, NSW privacy commissioner Samantha Gavel, Victoria information commissioner Sven Bluemmel, Queensland privacy commissioner Paxton Booth, Queensland information commissioner Rachael Rangihaeata, South Australia state records director Stephanie Coleman, Tasmania Ombudsman Richard Connock and Northern Territory information commissioner Peter Shoyer.
Acknowledging that “things have changed a great deal in the last few decades”, the commissioners noted the information and technology landscape has “become significantly more complicated”.
They emphasised the advent of new technologies that require businesses, government agencies, regulations and legislation, and individuals to adapt and move with the times.
“Organisations and agencies now collect, use and disclose huge amounts of personal information. The practices to keep it safe and to use it responsibly need to keep pace,” the joint statement read.
The commissioners urged people to take “simple steps” to safeguard themselves by using strong passphrases and multi-factor authentication, deleting data from unused accounts and devices, and only providing personal information when necessary.
They also urged organisations and agencies to “only collect personal information that is necessary for carrying out their functions and activities” and to “take reasonable steps to secure it”.
“Once the information is no longer needed for any enduring legitimate purpose, it should be securely destroyed or permanently de-identified. Carrying information that is not needed creates additional risk, especially in the event of a data breach,” the statement noted.
The joint statement concludes by highlighting the dedication and ongoing efforts of Australia’s privacy authorities towards protecting the privacy of all Australians, as well as promoting awareness of the responsibilities of organisations and government agencies, and the rights of individuals.
How can businesses ‘get privacy right’?
In light of Privacy Week, the Office of the Australian Information Commissioner has released a website reminiscent of the old-school internet.
Ms Falk said the website was a “refresher” on what individuals can do to protect their personal information, as well as what agencies and organisations should do for best privacy practice.
“The right to privacy is fundamental, and the high-profile data breaches of the past months have put the security of personal information in the spotlight. We all know privacy must be protected, but people can be unsure what to do, or it can feel overwhelming,” Ms Falk said on the website.
“That’s why our Privacy 101 website is designed to engage people and organisations in a privacy refresher, to help improve and strengthen privacy practice,” she added.
Advice tailored for businesses included the following:
1. Know your obligations. Understand your obligations under the Privacy Act, anticipate customer needs and concerns, and prioritise privacy to maintain trust.
2. Have a privacy plan. Develop and implement a privacy management plan to establish robust privacy practices and meet best practice standards.
3. Appoint privacy champions. Assign senior staff members to oversee privacy matters and designate staff responsible for managing privacy day to day.
4. Assess privacy risks. Conduct privacy risk assessments early and perform a privacy impact assessment for projects that involve new information handling practices.
5. Adopt a ‘privacy by design’ approach. Minimise privacy risks by reviewing your products, services, and internal systems and processes to ensure that you collect only the personal information you need.
6. Secure personal information. Establish secure systems to safeguard personal information from misuse, loss, and unauthorised access and disclosure.
7. Simplify your privacy policy. Write your privacy policy in plain language and provide a summary for easier comprehension.
8. Train your staff. Integrate privacy into your employee training programs, including new employee orientation and periodic training.
9. Prepare for data breaches. Develop a plan to address potential data breaches and inform affected parties as required by law.
10. Review your practices. Regularly review and improve privacy practices and policy to stay abreast of community expectations and comply with relevant regulations.