Since its inception in 2006, Privacy Awareness Week (PAW) has been an annual event driven by the Office of the Australian Information Commissioner (OAIC) and supported by privacy regulators across all Australian States and Territories.
PAW highlights and shares with the public sector and the broader community the importance of privacy and the protection of personal and online information. The theme for 2022 is ‘Privacy: The foundation of trust’.
When considering the theme ‘Privacy: The foundation of trust’, what does trust really mean for your client, your consumer, your user?
Michael McFarland, S.J., from the Markkula Center for Applied Ethics at Santa Clara University, presents an interesting premise in his June 2012 article titled ‘Why We Care about Privacy’.
“Privacy is important for a number of reasons. Some have to do with the consequences of not having privacy. People can be harmed or debilitated if there is no restriction on the public’s access to and use of personal information. Other reasons are more fundamental, touching the essence of human personhood. Reverence for the human person as an end in itself and as an autonomous being requires respect for personal privacy. To lose control of one’s personal information is in some measure to lose control of one’s life and one’s dignity. Therefore, even if privacy is not in itself a fundamental right, it is necessary to protect other fundamental rights.”
Privacy, online privacy, privacy of data, privacy in the cloud: what does it all mean, and how does it contribute to trust? What constitutes trust?
Large, medium and small organisations and not-for-profits all have their own perspective on privacy, which results in differing interpretations of it. One significant reason for this variation is organisation size. Whereas a larger organisation has investment dollars for IT funding and focussed supporting teams, a smaller not-for-profit may not have the funds for a similar level of investment.
One thing is clear: a data privacy breach has the potential for far-reaching implications, including harm to reputation, loss of business, penalties, legal implications and, most importantly, the loss of trust by clients, users, and consumers.
It is important to understand what is and what is not personal information.
The Privacy Act includes 13 Australian Privacy Principles (APPs) which apply to most Australian Government agencies and some private sector companies.
The OAIC describes these Privacy Principles as ‘principle-based law.’
“The Australian Privacy Principles are principles-based law. This gives an organisation or agency flexibility to tailor their personal information handling practices to their business models and the diverse needs of individuals. They are also technology neutral, which allows them to adapt to changing technologies.”
Even if the Privacy Act does not require you to comply with the privacy principles, you should.
To contribute to this initiative, here are a few tips we would like to share with you:
- Keep important files on your device or in the cloud encrypted and/or secured with Multi-Factor Authentication (MFA).
- Check your privacy settings on your social media apps like LinkedIn, Facebook etc.
- Do not disclose your personally sensitive information online.
- Be mindful of what you post online. Personal information does not always need to include specifics such as your name. It can be any information that can help work out your identity.
If you are an organisation, you should perform a regular Privacy Impact Assessment (PIA). A PIA “tells the story” of either your organisation or your project from a privacy perspective and helps to manage privacy impacts.
Additionally, privacy strategies should consider a Privacy Governance Model that ties in with Cyber Security and Digital Strategies.
Minimum recommended governance for maintaining required standards includes:
- Know and understand the Privacy Act and incorporate changes as they are made
- Process to handle a breach of privacy
- Partner with another organisation that has this as its core business
- Improve knowledge for smaller organisations and not-for-profits by utilising resources provided on regulator sites
- Business rules and assessments for larger organisations to remove the opportunity for complacency to impact privacy
- Encourage independent audits to identify gaps
In summary, understanding the legislative requirements, addressing organisational privacy constraints, building robust strategies and a strong supporting governance framework will help build Privacy as a foundation of trust.