“Privacy is one of the top issues of the century”
— Tim Cook, CEO of Apple, 2021
Privacy Awareness Week may not be a well-kept secret but it’s often lost in the noise of competing priorities.
That’s a tragedy, because the right to privacy is starting to get as much priority as climate change.
It’s still surprising that Privacy Awareness Week is promoted on facebook but, less surprisingly, Assured Support was once again engaged in publicly supporting Privacy Awareness Week.
Because we consider Privacy to be a human, rather than a consumer right, we’re thrilled to support the Australian Information Commission’s #privacyawarenessweek.
And, because the Privacy Act is one of the applicable laws with which Licensees and advisers must comply, we’re excited about helping you meet, if not exceed, your obligations to review, assess and secure your clients’ personal information.
Privacy may be a big and complex issue but there are a range of incredible resources available from the OAIC and we hope that you visited their site and enrolled for their webinar “AW 2021 – Making privacy a priority in the decade of data.”
In this webinar, Commissioner Falk and Commissioner Denham explored:
- the role of data protection in the global recovery from the COVID-19 pandemic, and how consumer trust can unlock the value of data in innovation
- the shift towards greater collaboration between data protection authorities and interoperability of global privacy frameworks, and
- how responses to key technology and data issues including children’s privacy are addressing community expectations.
We’re strong advocates of (Free) online training so we’d like to direct you to the OAIC’s eLearning course. Although it’s designed for Australian Government agencies, it will walk you through the Privacy Act 1988 (the Privacy Act) and provide you with practical advice and guidance on good privacy management practices.
Better still, it’s free.
Systems and security
“The Australian corporate regulator has become the latest high-profile victim of a cyber-attack related to the same software used to hit both the Reserve Bank of New Zealand and law firm Allens.”
— “ASIC .. hit by cyber attack”, Max Mason, AFR Jan 25, 2021
Data security, as ASIC’s action against RI Advice shows, is more than having a policy and mouthing the right words; it is a moral and professional obligation and, if breached, the contravention can have serious consequences.
Remember that, if you’re an adviser (or Licensee), ASIC are as interested in these contraventions as they are in your more traditional failures (and the new breach reporting regime will increase the visibility of these failures).
Plan for privacy
We recommend that you visit the OAIC site and read all the relevant material available on our site, but, if you’re stretched for time and already read all our material multiple times, we’d draw your attention to the OAIC practical guide “10 steps to undertaking a privacy impact assessment”.
This document will help you assess the consequences and implications of any project involving the collection, use or storage of personal information.
It provides useful parameters for future activity but, in our view, provides a tool for the retrospective analysis of your current activities. Steps 5, 6 and 7, in particular, will help you identify and address and current risks in a structured and methodical way.
In case you’d like a more easily referenced guide, you can download it here.