This year will mark 30 years of the Australian Privacy Act 1988. Over the years, how we handle personal information – including collecting, using and disclosing information – has changed dramatically. With rapid advancements online, particularly through social media, the way we do business is constantly changing. More recently, legislative changes such as the Mandatory Data Breach Reporting reforms have further highlighted the need for organisations to scrutinise their privacy obligations and train their staff in their regulatory requirements.
Privacy Awareness Week (PAW) is an opportunity for organisations to review and improve how they handle personal information and ensure they meet legislative requirements.
The Office of the Australian Information Commissioner (OAIC) will be holding events throughout PAW for organisations. Check them out here: https://www.oaic.gov.au/paw2018/
Rights and responsibilities
Do you know your clients’ rights when it comes to the information you hold about them? It is your responsibility to ensure that everyone in your business is aware of their responsibilities under the Australian Privacy Principles (APPs).
A privacy breach can be committed by anyone at any level of your organisation!
Data loss and mandatory data breaches
The Commonwealth Bank (CBA) recently confirmed it lost the financial statements of almost 20 million accounts. The information contained customers’ names, addresses, account numbers and transaction details from 2000 to 2016. The data was supposed to be destroyed by sub-contractor Fuji-Xerox last year.
CBA did not disclose the data loss to its customers until media outlet Buzzfeed News broke the story.
Prime Minister Malcolm Turnbull described the incident as an “extraordinary blunder”, saying, “It’s hard to imagine how so much data could be lost in this way.” He added that “if that had happened today, the bank would have to advise each of their customers about the loss of data under new laws.”
This case highlights the importance of transparency and shows that privacy obligations do not stop when an organisation engages a third party or contractor.
GRC Solutions offers an online Privacy course tailored to all staff within an organisation. The training looks at how the APPs apply to a range of actions and how to best apply these.