How you manage your online security and information is an important part of running a business. As a former Australian Privacy Commissioner, I believe that while cyber security and privacy are different, they depend on each other.
Security is about ensuring that you and your company have control of the information in the business and that it is neither being stolen by someone nor being lost. Having established control, privacy is what you do with the staff and customer information you have in the organisation.
Security and privacy are incredibly important because if you aren’t trustworthy you will lose customers. However, the reality is that sometimes information gets lost, and it can be stolen even if your security is good. How you manage the relationship with the customer at such a time can be critical to your future success. Done wrongly, it can lose you the relationship forever, but done the right way, it can cement your future as a trusted business.
Now Australia is catching up with the rest of the world: like everywhere else, data breaches occur on a regular basis. What is new in Australia is the public visibility such breaches are getting, and it won’t go away. See, for example, the Medvet data breach or the Privacy Commissioner's recent reports on own motion investigations of breaches by Telstra and Vodafone.
When you come under attack, it is imperative you have a plan of action.
Don’t bury your head in the sand; take responsibility and be prepared. You should also recognise that security, privacy and your obligations are changing unbelievably rapidly.
Businesses that have a turnover of less than 3 million and are neither health service providers nor trading in personal information are exempt from the Privacy Act. Personal information in an employee record that is used by the employer for employment purposes is also exempt from the Privacy Act for a business of any size.
However, you should consider abiding by it anyway because there is no relationship between the size of your business and the damage you can cause. It is also very easy to damage your brand if you don’t use common sense when it comes to the information you are gathering on your site and the way you use it in the future.
After all, the National Privacy Principles are common sense.
You can’t go wrong if you remember “Good Privacy is Good Business”.
Malcolm Crompton is Managing Director of Information Integrity Solutions (IIS), a globally connected company that works with public sector and private sector organisations to help them build customer trust through respect for the customer and their personal information. He was also foundation President of the International Association of Privacy Professionals, Australia New Zealand, www.iappANZ.org.