“You have zero privacy anyway. Get over it. ”
— Scott McNealy, Chairman Sun Microsystems, 1999
Do you know?
Let’s be honest, it’s ironic that so few people are aware of Privacy Awareness Week.
It’s even more ironic that Privacy Awareness Week is promoted on facebook.
It’s probably unsurprising that Assured Support is so engaged in publicly supporting Privacy Awareness Week.
Because we consider Privacy to be a human, rather than a consumer right, we’re thrilled to support the Australian Information Commission’s #privacyawarenessweek.
And, because the Privacy Act is one of the applicable laws with which Licensees and advisers must comply, we’re excited about helping you meet, if not exceed, your obligations to review, assess and secure your clients’ personal information.
Privacy may be a big and complex issue but there are a range of incredible resources available from the OAIC and we recommend you visit their site.
Privacy in a pandemic
“In taking steps to prevent and manage the pandemic, the importance of protecting personal information remains constant, and any changes to information handling practices to address the pandemic must be reasonable, time-limited and necessary.”
— Angelene Falk Australian Information Commissioner and Privacy Commissioner
Reboot your privacy.
In many ways, COVID-19 should have made privacy one of your key priorities. As you embrace digital signatures, tele-conferencing and social distancing, you’ve no doubt paused to consider the type of information you’re receiving, the method of provision and the parties with whom you’re sharing information. At the same time, self-isolation provides a great opportunity to improve your data security and delete the data you know longer require to meet your legal obligations.
On top of the practical issues of providing services via social distancing during a pandemic, you’ve no doubt been concerned that some of the key systems on which you’re forced to rely, have significant problems.
Zoom, as useful as it is, has multiple security and privacy issues. Microsoft, no doubt purely in anticipation of #privacyawarenessweek, promoted security and privacy as core advantages (sorry – core elements) of Microsoft Teams compared to more popular, but less secure, alternatives.
The OAIC’s Key tips
- Personal information should be used or disclosed on a ‘need-to-know’ basis
- Only the minimum amount of personal information reasonably necessary to prevent or manage COVID-19 should be collected, used or disclosed
- Consider taking steps now to notify staff of how your organisation will handle their information in responding to any potential or actual case of COVID-19 in the workplace
- Ensure reasonable steps are in place to keep personal information secure, including where employees are working remotely.
For more information please visit oaic.gov.au/covid-19-privacy-guidance
Privacy: A (mostly) national issue
Even the NSW government, despite their more pressing focus on crisis management, supports #privacyawarenessweek. While the OAIC encourages consumers to
Ctrl+Alt+Delete and reboot your privacy.
the NSW Information and Privacy Commission is encouraging public sector agencies and citizens to Prevent, Detect and Protect privacy.
The Office of the Victorian Information Commissioner is likewise supporting Privacy Awareness Week and have published a range of materials designed to “protect yours, respect others’”.
Their video – Data, Innovation and privacy – is an excellent resource which, for your convenience has been embedded in this article.
The joke may have been funnier in concept than execution but you can access the presentation at https://vimeo.com/412983786
The minimalistic site maintained by the QLD “Office of the Information Commissioner” provides training material and posters designed to encourage consumers to “be smart about privacy”.
Information, actions and hip slogans
The OAIC addressed the COVIDSafe application directly and confirmed that
“The Privacy Impact Assessment has provided transparency and accountability for the use of personal information, and supports community confidence in the app.”
As useful and reassuring as that is, the OAIC have also scheduled a webinar on May 6 where Privacy Commissioners from Australia and New Zealand will discuss “Privacy in a pandemic.”
If you’ve already finished After Life 2, this may be just what you’re looking for.
Register below, we’ll save you a seat.
Plan for privacy
We recommend that you visit the OAIC site and read all the relevant material available on our site, but, if you’re stretched for time and already read all our material multiple times, we’d draw your attention to the OAIC practical guide “10 steps to undertaking a privacy impact assessment”.
This document will help you assess the consequences and implications of any project involving the collection, use or storage of personal information.
It provides useful parameters for future activity but, in our view, provides a tool for the retrospective analysis of your current activities. Steps 5, 6 and 7, in particular, will help you identify and address and current risks in a structured and methodical way.
In case you’d like a more easily referenced guide, you can download it here.
In all seriousness, it’s a big week and privacy is a critical issue – particularly if you believe that technology is inexorably transforming privacy from a right to a commodity to a luxury.
You may feel that “You’re one microscopic cog in his catastrophic plan” but you have an opportunity, a right and an obligation to protect the privacy of your clients.
Don’t, for one moment, overlook your legal and professional obligation to respect, protect and secure our right to privacy.