Today is International Data Privacy Day! This day is dedicated to raising awareness of data privacy and is held annually on January 28th. The day promotes respecting privacy, safeguarding data, and enabling trust amongst individuals, organisations and businesses.

Data use and collection form part of every sector and function in the global economy. Modern day-to-day activities could not take place without the ability to access, view, update, and use data. With Australia’s push to innovate, the underlying value in most Australian businesses is slowly becoming their data and intellectual property.

Data helps drive business decisions, improve your competitive advantage, drive innovation and ultimately enable better customer engagement. Good data management is essential to business prosperity and survival.

Customers will also know how you value them, by how you handle their property (data)!

Common data privacy challenges

Moving to the Cloud

Clients believe that outsourcing their digital applications will save them money, improve efficiency and reduce their risk. Generally, these assumptions are true, provided the client understands how the cloud provider will collect, store, use, and disclose their data. This is generally documented in the provider’s privacy policy.

For example: DevApp’s privacy policy outlines what information we collect, how we use the information, where we store the information, if the data is disclosed overseas, and how you can access and update your information held by us.

As a rule, we store client website data within Australia and don’t store our business documents on third-party services like Dropbox, which may store the data on overseas servers. It is important that individuals, organisations and businesses are aware if Personal Information or Sensitive Information is likely to be disclosed to overseas recipients, and the countries in which such recipients are likely to be located (if practical).

Whilst cloud products are attractive, consider exploring alternative product options. For example: Businesses could use OwnCloud, a free, self-hosted Dropbox alternative. This provides unlimited storage (depending on your web hosting plan) and better control over data location and disclosure.

Ensure compliance with Australian Privacy Principles

All Australian businesses should ensure they understand their legal obligations in relation to the Australian Privacy Principles.

For example: Australian and Norfolk Island Government agencies, all private sector and not-for-profit organisations with an annual turnover of more than $3 million, all private health service providers and some small businesses must have a Privacy Policy.

If you collect Personal Information (such as name, address and telephone) or Sensitive Information (such as health data, racial origins, etc.) you should have a Privacy Policy. Most small businesses will collect Personal Information to enable the provision of services and payment for services, so it is considered best practice to have a policy regardless of your organisation size. Creating a Privacy Policy will ensure you better understand how you collect, manage, store and destroy the data you collect.

Protecting your data – Do you have an Incident Response Plan?

Does your organisation have a security policy? What steps do you take to manage, protect and destroy data? How do you handle data breaches?

Every organisation is likely to have specific requirements and industry best practices to follow, which are outside the scope of this article.

DevApp’s Security Policy covers our minimum security practices which apply to managing your data. We disclose how we will handle data storage, change management, credit card storage, vulnerability assessment and screening, system updates, firewalls, encryption, two-factor authentication, access level controls and account isolation.

Unfortunately, every website on the Internet is vulnerable to a security breach. Whilst our practices will help to mitigate the risks and reduce the likelihood of an attack, we also have a documented incident response plan. This enables us to handle data breaches in a documented way (Assessment, Communication, Investigation, Remediation and Reporting/Improvement) in line with the NIST Cybersecurity Framework. Continual improvement processes are vital to ensure your security plan is suitable for evolving threats.

Additional Resources

This article has briefly explored some challenges around data management and security that organisations need to be aware of when managing data. Hopefully our examples will help raise awareness within your own organisation and enable you to make improvements of your own. For more privacy resources, visit the Privacy Library, Australian Privacy Management Framework or contact us.