Manage clients’ and employees’ information the way you expect your own information to be managed.

We all expect businesses to manage and protect our personal information. In our eyes, they are trusted custodians.

When the shoe is on the other foot, your clients have exactly the same expectations of your business.

While we strive to provide our clients with the best services and/or products, and our employees with the best working environment, there’s more: as trusted custodians of their information we must protect and manage it as best we can. That will not guarantee a breach never happens, but it’s critical to make every effort to minimise the likelihood.

Not all businesses need to legally comply with a Privacy regulation. However, every business has a moral obligation to protect their clients’ and employees’ information.

When a breach occurs, never venture down the rocky path of using the ‘excuse’ of having no legal obligation. It will not end well. As a client, how would you feel if a business said that to you? I certainly know my response and it’s not pretty.

How are we doing as trusted custodians?

The results of recent surveys of Australian SMBs don’t look real flash. It’s a major concern that so many businesses are so vulnerable.

  • 51% admit their policies and practices are inadequate to manage a breach
  • 67% are uncomfortable with their 3rd parties handling their information
  • 47% are not aware of their obligations under the Notifiable Data Breach scheme introduced in February 2018
  • 49% do not have a data breach response plan
  • ……..

There are SMBs making every effort but disturbingly, there are more that are not.

In 2018, 60% of all cyber attacks targeted small businesses (up from 43% in 2017).

Is your business at risk? Will your business survive a breach?

Protecting personal information of clients and employees should be one of the highest priorities of your business.

So why isn’t this a priority for many business owners?

I’ve heard comments along the lines of:

  • “I’ve got a small business, hackers would not be interested in me” (Guess what: in 2018, 60% of cyber-attacks in Australia targeted SMBs, and the figure is on the rise)
  • “I haven’t got the resources and skills” (but you outsource other services, so why not protect your clients and employees?)
  • “I’ll worry about it if it happens” (it’s a matter of when, not if)
  • “I don’t have to comply with any regulations” (but you have a moral obligation)
  • “I haven’t needed it before, why now?” (Privacy regulations and community expectations are rising rapidly, faster than you may realise.)
  • ……

When drilling down further, in many cases the underlying reason is the ‘unknown’: not knowing where and how to start.

The unknown is not an excuse. Clients won’t buy it.

Businesses must step up by being proactive and prepare for a breach. Breaches will occur. Businesses need to minimise the likelihood of a breach and minimise the damage.

Privacy Proactive will help you work through the unknown starting with a free no-obligation consultation. By understanding your business, your obligations, and your risk threshold, we can then talk about the various approaches available to you.

We offer very flexible and tailored approaches to enable your business to build up and sustain your privacy policies and practices at the pace that suits you and your business.

Yes, it does take some time and money. However, the benefits far outweigh the costs and risks to your business.


“I might need it one day”

Too many times when working with clients, I hear this.

The more information we collect and store, the more risk we have.

Gone are the days of ‘nice to have’. It must be ‘need to have’.

All businesses must have well-defined and understood practices in place for the collection and storage of personal information.

Why?

Clients are losing trust and confidence in businesses to protect their information. They are becoming more reluctant to share it.

Not only do clients expect great products and services, they want their information managed and protected in the best possible way.

The flip side is that, as business owners, we need clients’ information to run our day-to-day operations and to deliver more personalised services that enable growth.

Is this an opportunity for a competitive advantage? It should be!

Build trust, build your business…

How?

Whether collecting or storing information, ask yourself: does my business really need it?

Is it required by regulations? Is it needed to provide products and/or services to your clients or employees?

If not, then why have it ?

At Privacy Proactive, we can take you through the process to minimise the amount of personal information collected and stored.

Why is Healthcare the most vulnerable sector?

Since the introduction of the Mandatory Notifiable Data Breach scheme in February 2018, the Healthcare sector has reported the most data breaches to the Office of the Australian Information Commissioner (OAIC).

Considering the sensitivity of our health information, this should be a major concern for any of us.

Let’s look at why the Health sector is infected so much…

  1. There is a significant increase in the amount of health data being stored and transmitted due to:
    1. more medical devices and patient wearables,
    2. an increase in the use of telehealth and telemedicine, and
    3. the adoption of electronic health records both internally and nationally.
  2. Health information is worth more to criminals than almost any other form of personal data because:
    1. Health practitioners are more likely to meet hackers’ demands, as the lack of access to health information affects patients and staff (in some cases, critical surgery or care),
    2. Health information is a non-perishable asset and retains value for a longer period after a breach, and
    3. the value of personal information on the dark web doubles when it includes medical information.
  3. The Healthcare sector has stricter reporting requirements, such as:
    1. every organisation handling health information is subject to the Privacy Act, as there is no annual turnover threshold, and
    2. a data breach involving health information is more likely to cause serious harm.
  4. The Healthcare sector incorporates many small businesses, which more than likely lack an understanding of:
    1. current security risks,
    2. vulnerabilities when adopting new technologies, and
    3. how to address exploited vulnerabilities to prevent future breaches.

How does the Healthcare sector remedy this?

Health practitioners need to take the same approach as they do with their patients: diagnose and implement a sustainable treatment strategy.

The strategy must prepare a business as best as possible to:

  • minimise the likelihood of a breach (i.e. implement robust and sustainable Privacy policies and practices, conduct on-going staff training, review current practices and systems, conduct regular reviews of data storage processes, etc.), and
  • minimise the damage of a breach when it occurs (e.g. implement a Data Breach Response plan).

Privacy Proactive has the expertise and solutions to enable businesses to implement a strategy that meets their obligations.

Do you have a handle on your business’s personal information?

Businesses must be diligent in maintaining their role as trusted custodians of their clients’ information. This should be one of the highest priorities within your business.

Building trust and confidence with one of your most valuable assets, your clients, delivers a competitive advantage that every business must grab hold of.

So, where do you start?

By understanding your Privacy responsibilities, and how you currently measure up against them.

At Privacy Proactive, we offer a free consultation to help you start gathering the relevant data to enable you to weigh up the risks and benefits.

Below are some of the discussion points we start with to get the ball rolling.

1) Does your business need to comply with any Privacy regulations?

Not only may you need to comply with various Australian regulations, but possibly other jurisdictions such as the European GDPR.

Even if your business is not required to comply, clients still expect their personal information to be protected.

2) Do you know where your business’s personal information is stored?

To protect, you need to know what information you have, where it is located and who has access.

3) Have all reasonable steps been taken to ensure the appropriate level of protection of your personal information?

You can sleep better at night knowing you have done as much as you can. It may not be enough to avoid a breach but at least you have taken reasonable steps to minimise the likelihood.

4) Are you confident the 3rd parties who handle your personal information have taken all reasonable steps to protect it?

A 2018 survey in Australia found that 67% of business owners are not confident about 3rd parties protecting their personal information.

Any wonder there is a lack of confidence in the community ?

5) Are your staff fully aware of their responsibilities in handling personal information?

Since the introduction of the Notifiable Data Breach scheme in Australia in February 2018, 35% of breaches have been due to human error. This does not include email phishing, which would push it closer to 60%.

6) Do you feel confident your business will not have a data breach?

A few disturbing facts coming out of recent surveys in Australia:

    • 9.5 days (average) between a breach occurring and misuse of credentials, yet it takes 90 days on average to detect it. The horse has already bolted by then!
    • 53% of businesses have had multiple breaches
    • 43% of cyber-attacks target SMBs: easier targets, less resistance. Of those, 22% are now closed.

Then there are undetected breaches…anyone’s guess as to how many of them ?

7) Does your business have procedures to handle a Data Breach?

A brand can be destroyed in a moment by a badly handled breach.

8) If you have a Data Breach, will your business survive ?

A breach impacts not only your business but also your lifestyle, family, clients and employees.

How did you go with the questions?

If you have even the slightest concern about managing and protecting your personal information, please contact me and we can have a discussion on how to prepare your business.

Minimise data > minimise risk > build trust

Whether your business needs to comply with Privacy regulations or not, you have Privacy risk.

The more personal information collected and stored, the higher the risk to your business.

If data is not required by regulations, not required to provide products and/or services to your clients, employees, etc – then ask yourself, does my business really need this information? If not, then seriously look at disposing of it (in a secure way) or not even collecting it in the first place.

The days of ‘nice to have’ are gone. It must be ‘need to have’.

Well-defined and understood ‘housekeeping’ practices are imperative to minimising the amount of data collected and stored.

The article linked below is a good read for any business owner as a reminder to minimise data and of the value that brings.

Some key points in the article include:

  • Clients trust businesses to protect their data. It is becoming more critical than ever especially with the continued breaches hitting the headlines.
  • Businesses need to be more proactive and transparent with customers about how, where and why their data is used. Transparency and trust go hand in hand.
  • Clients want to know what they will get in return for sharing their information. It’s the old adage of “What’s in it for me?”.
  • Legislation changes targeted for the 2nd half of 2019 will provide the Australian Privacy regulator (i.e. the OAIC) with significantly more powers and funding. Client and regulator expectations are rapidly rising.

Client trust

Not only do clients expect great products and services, they want their data managed and protected in the best possible way.

A survey conducted in 2018 of over 500 Australian SMBs (1) found:

  • 46% of SMBs responded their customers are increasingly opting out of data collection and sharing information, and
  • 49% of SMBs responded customer data is becoming increasingly critical for their day-to-day operations, and 60% to deliver more personalised services to ultimately grow their business.

Why? Clients are losing confidence and trust in businesses to protect their data.

What to do? Businesses (no matter what size) must be more diligent in maintaining their role as trusted custodians of their clients’ information to narrow this gap.

We are clients to many businesses and we expect this. So as business owners, why shouldn’t we deliver this to our clients ?

It’s imperative for your business to have sustainable and well-defined Privacy practices to minimise data and ultimately risk.

If you would like to know more about implementing a cost-effective and tailored Privacy Program, please contact me at Privacy Proactive.

 https://www.bandt.com.au/opinion/brands-adopting-data-minimalism

 [Source : (1) HP Australia IT Security Study conducted August to September 2018]

Protect your clients, protect your business

Recently, I had the opportunity to write an article for the ‘Northern Voice’, which is a fantastic monthly newsletter published by the Wyong Chamber of Commerce.

The topic was my pet subject: businesses need to protect their clients’ information. The article starts on page 12.

https://issuu.com/wyongchamber/docs/northern_voice_issue2_march2019/12

I would also encourage you to scroll through the rest of the ‘Northern Voice’ newsletter. The relevance of many topics goes well beyond the local area.

The key messages include:

  • Clients’ personal information is a critical asset of any business, whether it needs to comply with any Privacy regulations or not
  • A sustainable Privacy program will deliver a competitive advantage
  • Small businesses are becoming more vulnerable
  • Businesses must have a mindset of ‘when’ not ‘if’ a breach will occur
  • If a breach is not handled well, trust will be lost, and potentially clients too

Privacy Proactive delivers tailored solutions to enable businesses to manage their Privacy risks. If you would like to know more, please contact me.

Why conducting a post-Privacy breach review is critical

Businesses must reduce the likelihood of the same breach reoccurring.

How many breaches will your clients tolerate? If a breach occurs and you do not deal with the repercussions adequately, your clients’ confidence and trust in your business will likely disappear and potentially lead them to take their business elsewhere.

In 2017, 43% of cyber-attacks in Australia targeted small businesses. Of those, 22% are now closed. The common thread to the closures was lack of trust and confidence in their information being protected.

Your business is the trusted custodian of your clients’ information. They expect it to be handled and protected appropriately.

It’s vital to fully investigate the cause of the breach and the existing conditions which allowed the breach to occur.

More than likely, the ‘existing condition’ has been a risk for some time. It is a weak point in your Privacy practices, an ‘open door’ that further breaches can exploit.

Even if you decide that the breach will not cause serious harm to anyone and is not an eligible data breach, the reality is that you are still at risk and still have an ‘open door’. It must be closed by conducting the Review process.

A well-structured Data Breach Notification (DBN) Plan will take you through the ‘Review’ process. The plan will step you through the investigation, documentation and remediation phases. It will go a long way to closing the door.

The key steps of the Review process within the DBN Plan include:

  1. Identify the existing condition that allowed the breach to occur
  2. Develop an Action Plan to minimise future breaches
  3. Implement all the actions and communicate to appropriate Stakeholders

Your DBN Plan is not complete until all actions have been implemented and key stakeholders updated.

Privacy Proactive specialises in developing tailored DBN plans for businesses. If you would like to know more, please contact me.

Your brand can be destroyed in a matter of moments by a poorly handled Privacy breach

In 2017, 43% of cyberattacks in Australia targeted small businesses. Of those, 22% are now no longer in operation.

The common theme regarding why these businesses closed wasn’t so much fines and compensation but lack of trust and confidence, resulting in loss of customers.

After many years of working tirelessly to build your brand, it can be destroyed within minutes.

The article linked below is a must-read for any business owner, especially those handling personal information with privacy obligations.

Some key takeaways of the article include:

  • Social media is giving customers even more power to make or break a brand
  • Privacy regulations globally are becoming stricter and businesses are in a precarious position
  • Trust is vital to the bottom line and building customer capital, and can be an insurance in a crisis
  • Transparency is key in collection and use of customer information, and the handling of a breach when it occurs
  • Businesses need to prioritise disclosure and transparency with customers
  • It is how organisations handle the breach from beginning to end that will have a lasting impact on customer trust and public perception
  • A well-handled breach can restore and even enhance brand reputation
  • Customers are becoming savvier and it’s the brands who can show what lengths they are going to, to protect their data that will succeed in the end.

Lastly, a great lesson from the recent Marriott data breach. Although, overall, they handled the breach reasonably well, their communication to customers lacked empathy and leadership. There was no expression of regret and, most importantly, it did not appear to come from the top.

From a customer’s perspective, business leaders must take responsibility for the breach and be seen to be doing so.

Enjoy the read…..

https://www.cmo.com.au/article/651044/brand-reputation-why-marketers-need-making-data-security-priority/

Privacy Compliance can give your business that vital competitive edge

Meeting your Privacy obligations is the law. This is non-negotiable.

In addition to being compliant, it is a great opportunity for your business to grab hold of a vital competitive advantage. It could be just enough to get ahead of your competitors in a very tough business environment.

As a business, one of your most competitive and valuable assets is customer data.

However, customers are becoming more reluctant to share information due to a lack of confidence and trust in SMBs to protect their data. This can lead to a widening gap in the personal information customers are willing to provide, which can ultimately affect business success.

A survey conducted in 2018 of over 500 Australian SMBs (1) confirms this trend.

  • 46% of SMBs responded their customers are increasingly opting out of data collection and sharing information, and
  • 49% of SMBs responded customer data is becoming increasingly critical for their day-to-day operations, and 60% to deliver more personalised services to ultimately grow their business.

Building trust with your customers is key to narrowing this gap.

SMBs must be more diligent in maintaining their role as trusted custodians of their customers’ information.

Implementing a robust and sustainable Privacy program will go a long way in building customers trust and confidence. It will enable you to better manage and protect your Privacy risks.

[Source : (1) HP Australia IT Security Study conducted August to September 2018]

How a business handles a Privacy breach will have a lasting impact on customer trust.

Businesses must prepare as best as possible to minimise the likelihood of a breach, and just as importantly, minimise the damage of a breach when it occurs.

A well-prepared Data Breach Notification (DBN) plan will go a long way to minimising the impact of a breach.

Impact of poorly prepared responses to breaches

During 2017 in Australia, 43% of cyber-attacks targeted small businesses. Out of those, 22% have closed. The common thread for many of the closures was inadequate handling of the breach resulting in loss of trust and reputation, and ultimately loss of customers and revenue.

Large businesses also suffered breaches, and many did not handle the post-breach situation well (e.g. PageUp, Cathay Pacific, Facebook). There was significant room for improvement, and a well-prepared DBN plan would have gone a long way to achieving this. The impact on large businesses may not be closure, but it is certainly a significant dent in trust and reputation, on top of potential class actions, regulatory actions, and compensation.

Trust is a marketable brand asset of any business.

Businesses can give comfort and build clients’ trust by treating their data with the utmost level of care, and by treating them with the respect they deserve when a breach occurs.

It’s a great business opportunity to gain that competitive advantage.

It could be just enough to ‘sway’ potential clients to come onboard or existing clients to ‘stay’ onboard.

Privacy Proactive can help your business prepare for a breach

At Privacy Proactive, we:

  1. Implement a tailored DBN plan aligned with your business needs
  2. Provide you support during a Breach
  3. Ensure any regulatory changes are built into your DBN plan immediately
  4. Review your DBN plan annually to make sure it’s current
  5. Provide DBN training annually to make sure everyone in your business understands the plan and their responsibilities

If you would like to know more about preparing for a Data Breach and how Privacy Proactive could help your business, please contact me.