Common data privacy challenges for Not for Profits and Businesses
28th January 2016
Today is International Data Privacy Day! This day is dedicated to raising awareness of data privacy and is held annually on January 28th. The day promotes respecting privacy, safeguarding data, and enabling trust amongst individuals, organisations and businesses.
Data use and collection forms part of every sector and function in the global economy. Modern day-to-day activities could not take place without the ability to access, view, update and use data. With Australia’s push to innovate, the underlying value in most Australian businesses is slowly becoming their data and intellectual property.
Data helps drive business decisions, improve your competitive advantage, drive innovation and ultimately enable better customer engagement. Good data management is essential to business prosperity and survival.
Customers will also know how you value them by how you handle their property (data)!
Common data privacy challenges
Moving to the Cloud
As a rule, we store client website data within Australia and don’t store our business documents on third party services like Dropbox, which may store the data on overseas servers. It is important that individuals, organisations and businesses are aware if Personal Information or Sensitive Information is likely to be disclosed to overseas recipients, and the countries in which such recipients are likely to be located (if practical).
Whilst cloud products are attractive, consider exploring alternative product options. For example, businesses could use OwnCloud, a free, self-hosted Dropbox alternative. This provides unlimited storage (depending on your web hosting plan) and better control over data location and disclosure.
Ensure compliance with Australian Privacy Principles
All Australian businesses should ensure they understand their legal obligations in relation to the Australian Privacy Principles.
Protecting your data – Do you have an Incident Response Plan?
Does your organisation have a security policy? What steps do you take to manage, protect and destroy data? How do you handle data breaches?
Every organisation is likely to have specific requirements and industry best practices to follow, which are outside the scope of this article.
DevApp’s Security Policy covers our minimum security practices which apply to managing your data. We disclose how we will handle data storage, change management, credit card storage, vulnerability assessment and screening, system updates, firewalls, encryption, two-factor authentication, access level controls and account isolation.
Unfortunately, every website on the Internet is vulnerable to a security breach. Whilst our practices will help to mitigate the risks and reduce the likelihood of an attack, we also have a documented incident response plan. This enables us to handle data breaches in a documented way (Assessment, Communication, Investigation, Remediation and Reporting/Improvement) in line with the NIST Cybersecurity Framework. Continual improvement processes are vital to ensure your security plan is suitable for evolving threats.
This article has briefly explored some challenges around data management and security that organisations need to be aware of when managing data. Hopefully our examples will help raise awareness within your own organisation, and enable you to make improvements to create your own organisational awareness. For more privacy resources, visit the Privacy Library, Australian Privacy Management Framework or contact us.