Advances in cloud computing have completely reshaped our work and lifestyle habits. Tools such as social media and applications like Microsoft Office 365 utilise cloud systems to be accessible anywhere at any given time. An important question with this type of global platform is: “Who owns the data and how is it used?”
Australia is one of the earliest countries to introduce privacy principles and is regulating how companies in different industries treat the information they hold. APRA, the Australian body that supervises banking, insurance and superannuation, recently released a new standard which aims to regulate the data privacy measures taken by its supervised institutions. GDPR was implemented with huge fanfare in May 2018, and it pressures companies on a global scale to invest and bring their data privacy up to the standard.
The aim of these regulations and guidelines is to protect the privacy of the individual. They not only direct organisations to take sufficient steps to protect the information of the individual but also educate the masses about their rights. The education piece on data privacy is showing a huge increase in awareness among the general public.
A study conducted by OAIC found that in the context of personal information, Australians believe the biggest privacy risks people face are online services, including social media sites. 48% of all participants suggested that using online services and social media sites poses the greatest risk. Among Australians aged 18‐24 years this is even higher (60%). There is general unease about the lack of security of personal information, particularly in those aged 25-34 where 1 in 8 share this concern. During the study period there was a global public debate around US surveillance programs such as PRISM, which may have led to data security and breaches being considered the third greatest risk, mentioned by one in six (16%) Australians.
In another instance, Australians were presented with several scenarios and asked to rate if they were indicative of misuse of personal information. Surprisingly, all of the scenarios presented were found to contain misuse of information.
These results show that there is an increasing awareness in society of how individuals’ personal information should be used. This is quintessentially why Google utilised some of the world’s best-known internet and free speech experts such as Jimmy Wales, the founder of Wikipedia, and Frank La Rue, UN special rapporteur on freedom of expression. We must strive to find a balance between personal privacy and the public’s right to information.
What can be done to protect your Privacy?
Organisations across the globe have dramatically raised their own awareness of the changing privacy landscape. As sensitive information is exchanged between organisations and individuals on a large scale, people are vulnerable to hackers, marketers and other ill-intentioned parties. The introduction of laws around privacy enables the end user to gain more control over their information (under the APP in Australia and GDPR in the EU). It has become imperative that information processors and controllers not only provide more information to the end user but also take responsibility for controlling and protecting it using industry best practices. To this end, responsible data processors and collectors iteratively enhance their end user privacy processes.
When collecting customer feedback, privacy is the number one priority. Requirements vary by region and by industry, so they need careful examination on a per-project basis. At the bare minimum, each project requires the organisation to carry out detailed due diligence.
A solid starting point would be to ask at least the following questions:
- What laws govern Personally Identifying Information (PII) in the relevant geographical location?
- What are the classifications of the data involved?
- What, if any, are the industry regulations around the types of data?
- Does the data processing supplier hold relevant certifications (e.g. ISO 27001)?
- Does the supplier provide guidance on data security & privacy best practices?
- Does the supplier have a guided process and risk mitigation in place for data storage and transfer?