Privacy Awareness Week is a good time to reflect on what Privacy means. As individuals and organisations, we need to ask the tough question: are we Privacy ‘weak’?
Unfortunately, data breaches happen. In a data-driven world, it’s important to be kept informed of them and the impact they have on an organisation financially, and on their reputation.
Between July to December 2019, the OAIC reported 537 eligible data breaches. That’s up 19% from the previous six months. In the same report, the majority of those data breaches notified under the scheme involved ‘contact information’, such as an individual’s home address, phone number or email addresses. Almost a third of data breaches notified between the same period involved identity information which refers to information that is used to confirm an individual’s identity, such as passport number, driver licence number or other government identifiers.
Data privacy is complex, and unless organisations who handle data take it seriously, it’s only a matter of time before data is compromised. Does your organisation or its third-party suppliers understand the regulated world we live in? Between the Privacy Act, GDPR, new APRA regulations – the privacy maze can be difficult to navigate.
Is your supplier certified?
The best way organisations can protect themselves is by using trusted partners with the right certifications. At IVE, protecting our customer’s data is at the heart of what we do. To give our customers the assurance they need before handing over valuable information, IVE maintains certifications in ISO 27001 Information Security Management, PCI DSS (Payment Card Industry Data Security Standard) and IRAP (Information Security Registered Assessor Program).
Over $1.7 million is invested each year to ensure that these key certifications and others are being upheld.
Certifications underpin our values on how we operate as a business and keep us accountable. To back them, an assurance assessment (ASAE3402 – Service as an organisation) is conducted annually to verify our ability to deliver on controls over Security, Availability, Processing Integrity, Confidentiality and Privacy. To prove we do what we say we do. This investment is significant, but it is a standard that should be expected of any organisation that you trust with your data.
Culture does matter!
It doesn’t stop with the certifications, it’s important for an organisation to continually assess people’s skills, upgrade infrastructure and technology, and be risk aware.
At IVE, our strength is in our culture. Every person who works for IVE understands their role in protecting client data. It’s embedded in our processes, in our systems and everyday discussions.
Understanding the latest regulations that impact our customers such as APRA CPS 234 is important to stay relevant and to support customers in their obligations.
The OAIC wants people to reboot their privacy, and as individuals, we need to know who/what/where our data is, but as a trusted organisation that handles customer data every day, a reboot isn’t necessary: IVE live and breathe it. Business leaders need to challenge their organisations – are you privacy weak?
By Leana El-Hourani
URL – https://www.ivegroup.com.au/privacy-in-a-data-driven-world/