It seems like every day we are hearing more and more about people's privacy being put in jeopardy by a data breach. Not only is the frequency of these breaches worrying, the size of the breaches and the names of the companies that have been compromised have caused many of us to become more than a little nervous about the state of our own privacy policies and procedures.
As shown in this useful infographic (check out the interactive version at “Information is Beautiful”), data security breaches can happen to anyone, even companies that have built their entire business on collecting and commercialising data.
So if these companies can be compromised, what’s the situation for the rest of us? Frankly, not good.
All too often private data is shared electronically with no encryption or password protection. Many people still don’t understand what their responsibilities are under the law and the implications should there be a breach. We also know that the pace of technological change is often outpacing the ability of security or governance teams to adequately cater for every contingency, and so, by necessity, they must prioritise external attacks, leaving it to individuals to follow corporate guidelines and policies to protect against a breach.
As shown here, research consistently points to human error being linked to data breaches.
Source: Health data security in crisis 2015
The evidence tells us that the single biggest opportunity to dramatically reduce the risk of a data breach to your business is in ensuring all your staff have been trained in, and understand, the privacy requirements we must adhere to.
And it’s not just about the fines. Businesses that suffer from a data breach usually suffer significant brand damage.
Consumers are becoming more and more aware of the value of their data and the impact on them personally should a breach occur.
A breach can, and will, lead to a loss of faith resulting in customers moving to another provider. With every breach reported in the media, we see an increased focus on regulations, consumer protection & rights and the discussions on who owns this data.
We need to use the actionable insights to continue to improve our level of customer service and value in order to remain competitive. We need more of our small to medium businesses to join us on this journey, and more regulation will just place barriers in the way of innovation. Put simply, if we are to continue to improve our use of data we need the trust of the market that we can and will protect people's privacy.
This is a subject of tremendous importance to us here at ADMA. So much so that last year we launched a new industry association - Data Governance Australia - with a new code that goes beyond current legislation and a new set of training programs to help companies reduce the risk of a data breach.
Data Privacy is never off the agenda and we need to be proactive in how we manage customer data and prepare for the changes to come. As recently as this week, Assistant Minister for Digital Transformation Angus Taylor announced the Australian Government's plan for a new ‘universal data rights’ regime that gives consumers ownership of the transactional data they generate as customers, regardless of whether it is a bank, a telecommunications provider, an energy utility or retailer.
So, if you have concerns over the potential risk to your business then we have a range of solutions you might consider.
● Data Pass - trains your staff who work with your data on a daily basis about all they need to know to be compliant under the Australian Privacy Principles and requires them to pass an exam. If [xxx] pass the exam, your company will receive the Data Pass trust mark logo that can be used on your website to demonstrate how seriously you take privacy.
● Privacy & Marketing Compliance - extends beyond Data Pass to include aspects of marketing, communications, and advertising regulation and can be taught on-site or online.
● Custom Team Training - a comprehensive program that provides training to all staff in your organisation. The content is tailored to be appropriate for 4 types of roles:
1. Customer facing staff - on the fundamentals of the regulations with custom content to explain the processes in place at your company to comply.
2. Back office staff - for those who, while not dealing with data directly, still need a basic understanding of your policies and procedures.
3. Data Teams - deep dive on how data should be handled and used.
4. Executive - explaining their obligations under the Privacy Act and what to do should a data breach occur.