Each year, the Office of the Australian Information Commissioner (OAIC) holds a week of events to promote privacy and encourage best practices by companies and organisations on how they can keep your personal information safe. Each year has a different theme: This year, the focus of the week is “trust and transparency”.
“This Privacy Awareness Week (PAW) we explore privacy through the theme Trust and Transparency. This speaks to the consumer and community trust that flows to organisations who handle personal information transparently, and with care, throughout the information life cycle.
Personal data can travel through numerous transactions, media and organisations — but it’s always personal — so it’s important that we take care at every step.”
– Timothy Pilgrim, Australian Information Privacy Commissioner
This year, Rouse Lawyers is a proud partner of the Privacy Awareness Week and we are encouraging you to take some time this week to think about how you implement trust and transparency within your organisation.
Achieving Trust and Transparency
Achieving trust and transparency with your staff and customers may seem daunting at first, but by following and implementing a few simple steps, you can be on a path towards achieving this goal.
Implementing a clear Privacy Policy, making that policy easily available on your website and holding regular staff training to encourage positive behaviours towards privacy processes are all examples of ways you can create an environment of trust and transparency.
If you are unsure where to get started, the OIAC website publishes many helpful guides to assist you in being compliant with your privacy obligations (or if you wish to have a more in-depth conversation contact us to discuss any privacy related matter). One such guide is the Privacy Management Plan; implementing a plan is an excellent way to keep you focussed on creating trust and transparency.
Creating a Privacy Management Plan
STEP 1: EMBED A culture of privacy that enables compliance. Good privacy management stems from good privacy governance. Ensure your leadership and governance arrangements create a culture of privacy that values personal information. – OAIC
Ways to Achieve Step 1:
- Create a Privacy Policy in line with the Privacy Act. Having a clear and easily accessible Privacy Policy is the first step in building trust with your customers. When your customers know how you will handle their information safely, they are more likely to engage with your company.
- Include as part of your induction training a module on what is personal information and the steps you take to protect that information.
- Conduct staff training where you discuss when personal information can be disclosed and when it cannot.
- Talk to your staff about risks associated with disclosing personal information. This will not only assist in protecting personal information you hold but may also prevent a staff member from having their personal information misused.
- Consider any professional or ethical standards that apply to your industry relating to client confidentiality and disclosure of customer information.
STEP 2: ESTABLISH Robust and effective privacy practices, procedures and systems Good privacy management requires the development and implementation of robust and effective practices, procedures and systems. – OAIC
Ways to Achieve Step 2:
- Conduct regular staff training session where privacy is a focus. When you discuss privacy compliance with your staff on a regular basis, it is more likely that your staff will implement your privacy processes correctly.
- Create a method on how you will handle privacy concerns raised by your customers. Does your staff know how to answer customer’s questions? If your staff is unsure or inadequately trained, your customers may not feel that you are being transparent with how you handle their information.
- Encourage a culture where concerns and complaints are treated seriously. If your customers feel that you are care about their concerns, they will in turn trust in you with their personal information.
- Start thinking about how you will handle a data breach. Consider developing a written procedure and management plan. New obligations on how you must handle data breaches is set to start in 2018.
STEP 3: EVALUATE Your privacy practices, procedures and systems to ensure continued effectiveness Systematically examine the effectiveness and appropriateness of your privacy practices, procedures and systems to ensure they remain effective and appropriate. – OAIC
Ways to Achieve Step 3:
- Undertake regular audits of your organisation. Are policies and procedures being implemented correctly?
- Consult periodically with a privacy expert to keep you up-to-date regarding your privacy obligations.
- Evaluate the purpose for collecting any personal information. Do you require each piece of information? If not, making the disclosure of that personal information optional is another way to build trust with your customers.
STEP 4: ENHANCE Your response to privacy issues Good privacy management requires you to be proactive, forward thinking and to anticipate future challenges. By continually improving your privacy processes, you will ensure you are responsive to new privacy issues and that implementation will not be a burden.
Ways to Achieve Step 4:
- Change and adapt your processes and procedures based on the feedback you receive form your staff, customers and internal audits.
We are here to help
Privacy is rarely about secrecy, but is about transparency, security, and choice. It’s about organisations being up-front about their personal information handling practices so that individuals can make informed choices about how they share their information. And it’s about respecting customer trust by maintaining strong security and information handling practices throughout the life cycle of personal data.
Unsure if you are compliant with your obligations concerning personal information or need to create or update your Privacy Policy? Contact Rouse Lawyers and ask to speak with one of our privacy law experts to discuss how we can assist you with all things concerning privacy law.
No comments:
Post a Comment