When we interact and transact with our customers, we often ask them to tell us about themselves. Registration forms, surveys, transaction histories — these are all ways of gathering information. When we collect and store personal information about our customers, we need to be mindful of privacy.
From a bird’s eye view, organisations may hold the personal information of hundreds, thousands, or even millions of customers. This data must be protected and handled respectfully and lawfully. Keeping customer data safe and handling it respectfully makes good business sense. Not only will it help avoid privacy infringement penalties, but it also helps develop a reputation as an organisation that can be trusted.
All around the world, countries and regions have specific privacy laws that set out what personal information can be collected from people and how it can be collected and used. These privacy laws usually include regulations about what organisations must tell their customers when collecting personal information and how it will be used.
Privacy law is not optional, and increasingly there are significant penalties for non-compliance.
Focusing on getting privacy principles embedded during the early stages of any project or business change makes things a lot easier.
When people understand how personal information should be handled, that’s a good start. We’re all better off when privacy protections are improved.
Why is privacy law so important?
Privacy laws establish boundaries between individuals and organisations, protecting individuals from the misuse of their personal information.
Privacy is acknowledged as a fundamental human right and puts people in charge of their personal information. Privacy laws give people control over their own data and help ensure that the information can only be used in the ways they understood it would be used.
Privacy laws impose obligations on the organisations that collect, use, share and store personal information. The framework set by privacy legislation ensures that organisations handle personal data belonging to their customers in transparent and respectful ways.
Good privacy practices also support innovation. As you develop trust with your customers over time, they become more comfortable sharing more and better quality information with you. It makes good business sense to use this customer information to tailor your products and services to better suit market needs.
It’s important to get privacy right to support your business because getting it wrong risks irreparable damage to customer relationships and market perception. Market perception can be very unforgiving, and recovering from a privacy breach is no easy feat.
What is personal information?
Now, more than ever, it’s essential to understand privacy requirements related to how our organisations collect, store, use, and disclose personal information.
The Office of the Australian Information Commissioner (OAIC) defines ‘personal information’ as including a broad range of information or opinions that could identify an individual. What counts as personal information will vary, depending on whether a person can be identified or is reasonably identifiable in the circumstances.
Handling personal information belonging to customers is part and parcel of many people’s daily work life. Organisations need to consciously examine what personal information they are collecting and whether it is reasonably necessary for the completion of the job and nothing more. Examples of the most common types of personal information include a person’s name, phone number or email address.
Sensitive personal information refers to those types of personal information that have greater potential to cause harm to an individual if they are exposed in a data breach.
Examples of sensitive information include data about someone’s health, ethnicity, religion or sexual identity. A person’s consent is usually needed to collect sensitive personal information from them.
From an organisational perspective, holding sensitive personal information means holding additional risk. Organisations must decide whether they have the appetite for this risk and what measures they can put in place to protect the information. Exposure or leakage of someone’s health-related information will likely have far more severe consequences than exposure of a person’s email address.
Privacy is underpinned by trust
Privacy is fundamental to maintaining customer trust. Organisations — both large and small — must keep their privacy and security promises. Not only is that good business practice, but increasingly, it’s the law. Organisations that ignore privacy legislation do so at their peril. There are some hefty fines for breaches and misuse of information!
For privacy to be upheld, a trust-based relationship needs to exist. People place their trust in the organisations they interact with. They expect their personal information to be handled safely and respectfully, and to be used only in the ways they were told it would be used.
When things go wrong and these expectations aren’t met, people can feel exposed or unfairly treated, and it can cause them to lose trust in an organisation.
People uphold privacy
Building a culture of privacy awareness begins and ends with people. Building privacy considerations into the foundations of practices and projects is important — but equally if not more important is how an organisation’s employees put these principles into action.
Privacy Awareness training highlights the knowledge that teams need to ensure personal information is being collected, stored, used, and even disposed of in accordance with privacy principles.
Empowering teams with the right privacy know-how can help establish fair social contracts with customers, improve customer experience and build an organisation’s brand.
Privacy Awareness for Australia
In Australia, the Privacy Act 1988 covers information privacy rights and how organisations and agencies within its scope must handle personal information.
This legislation is currently under review by the Attorney-General’s Department, and significant changes to privacy regulation in Australia are on the horizon. These changes will likely include stricter rules around managing personal information and larger fines for non-compliance.
Now is the time to make sure your team is up to scratch on privacy to keep you, your data and your organisation safe.
And that’s where SafeStack Academy’s Security and Privacy Awareness programme comes in.
We develop our privacy awareness training materials in partnership with our friends at Simply Privacy. Our training focuses on teaching the behaviours to help people handle the personal information entrusted to them in respectful, secure and transparent ways.
Our privacy awareness training presents solid, helpful content without overwhelming learners with complex legal terms and language.
Each course focuses on a different privacy-related topic and includes an interactive lesson and a short knowledge check. Engaging activities help learners recognise the situations where they should consider privacy and the best practices for handling personal data respectfully and securely.
Course 1: Introduction to privacy
The first course in our Privacy Awareness for Australia programme introduces privacy and why it matters. We introduce the concept of personal information and teach learners to recognise the situations where privacy aspects need to be considered.
Course 2: Collecting personal information
In this course, we expand on personal information and learn about how much and in what ways we can lawfully collect it. The Australian Privacy Principles (APPs) set the rules for how organisations can collect personal information. We focus on steps people can take to ensure they collect and handle personal information in safe, transparent, and respectful ways.
Topics covered in the course include:
- Identifying personal information and sensitive personal information,
- Considering what personal information is collected and for what purpose, and
- Collecting personal information in ways that are fair and lawful.
We’ll continue to add to our library of both Australian and New Zealand Privacy Awareness courses in 2022. We’re keen to be part of your organisation’s training journey to embed the privacy principles throughout your business practices.
Some (not so) small print
Our courses are developed with the guidance of privacy experts at Simply Privacy. However, these courses are not intended as legal advice.
The learning objective is to help learners understand why privacy matters and how to break that down into simple, action-oriented behaviours.
Try it yourself
Get your team learning about the privacy principles. Sign up for our SafeStack Academy Security and Privacy Awareness training today, or take it for a spin with a free 14-day trial.
We love to hear from you
If you enjoyed reading this blog post or if something sparked an interest, please share it with us. Drop us a line at email@example.com and let us know what you think.