What is Privacy Awareness? Privacy Awareness Week 2019
This year, Privacy Awareness Week runs from 12 - 18 May 2019 and there are a number of very relevant messages being touted by the many organisations involved. There are also considerable resources available that provide straight forward advice and guidance on privacy obligations and options, including help identifying aspects to not be concerned about.
The rapid rate of changes in technology and society are justifiably keeping Privacy, and the related (cyber)security, at the forefront of conversations. Organisations are worried about obtaining and losing the personal information of their customers and employees, and individuals are justifiably worried about giving - and losing - their personal information. Sadly, much of the current conversation is generated by the continual major privacy failings of global companies, involving both mind-blowing amounts of information and a genuine percentage of the world’s population.
Legislation and best practice are fighting a rear-guard action, but are catching up unevenly. However, as privacy remains an evolving area it’s often difficult to distinguish between what’s right and what’s easy, and to quantify the risks - especially against other more traditional and better understood areas like customers, products and revenue. Data collection and privacy ‘challenges’ are increasingly complex and yet increasingly crucial for organisations in creating and maintaining people’s trust and meeting the expectations for services delivered.
Government agencies and private companies need to start by knowing their privacy obligations; this is what privacy awareness is about. Within Australia this could varying from including compliance with the European GDPR and Australian mandatory data breach notifications, through to NSW legislated data sharing and privacy impact assessment performance. Organisations are often relieved if they find legislation doesn’t apply to them, but that’s not really the point - all organisations should maintain good privacy practices and have the right privacy protection in place to suit their business, strategies and customers.
Legislation and the subsequent practices and processes implemented by complying businesses provide examples of best practice. Other business can take notice and learn from without having to bear the associated costs or heartache. While the EU’s GDPR doesn’t apply to certain businesses (and it’s well defined who it does apply to) most reference it as the future direction of privacy. This legislation, and other similar Australian requirements (Australia does generally align with the GDPR), should be looked at by all businesses irrespective for the benefits best practice would deliver and risk reductions that would ensue, instead of focusing on the necessity for strict legal compliance. Even is this approach isn’t taken immediately, business should be aware of the changes taking place in the wider privacy space. At the very least, businesses should know which trading partners and customers will be complying with which privacy practices, and thus will need to look for new or changed arrangements in contracts and processes.
And remember that privacy can’t be abrogated to just the techies or the lawyers, all parts of an organisation must have a consistent understanding of what privacy is, why it is important, how it is being delivered and where it must be integrated. There will be choices, but the discussion must be informed. There are checklists flying about, but if it’s someone else’s checklist how do you know what it’s asking and what the ‘right’ answer really is? Maybe it doesn’t suit your business, your risk appetite, your projects. Being informed and privacy aware is the starting point.
For more resources, visit the Office of the Australian Privacy Commissioner’s Privacy Awareness Week website: https://www.oaic.gov.au/paw2019/
Or the NSW Information and Privacy Commissioner’s website here: https://www.ipc.nsw.gov.au/privacy-awareness-week-nsw-2019
If you want to contact Doll Martin Associates to talk about privacy, or any of our other services, feel free to email us at firstname.lastname@example.org or via the button below.