Healthcare Sector – Data breaches – reality, costs and prevention

Attached is a ‘must read’ article for all business owners in the Healthcare sector.

A few key points :

  • There has been a significant increase in health information being stored and transmitted with the uptake of technologies
  • The Healthcare sector is the number one sector for data breaches.
  • Internal factors (eg: employee carelessness and misbehavior) are the number one cause of breaches within the sector. Why ? Increase in the uptake of technologies, weak internal controls, and lack of cybersecurity awareness.
  • High stakes are involved – business, financial, social and reputational repercussions

A good reminder to be proactive and prepare as best as possible to :

  • minimise the likelihood of a breach (ie: implement robust and sustainable Privacy practices, staff training, review current practices and systems, regular reviews of data storage process, etc), and
  • minimise the damage of a breach when it occurs (eg: Data Breach Response plan).

Enjoy the read….

https://www.allens.com.au/pubs/priv/pulse-1810/article-04.htm

Minimise data > minimise risk > build trust

Whether your business needs to comply with Privacy regulations or not, you have Privacy risk.

The more personal information collected and stored, the higher the risk to your business.

If data is not required by regulations, not required to provide products and/or services to your clients, employees, etc – then ask yourself, does my business really need this information? If not, then seriously look at disposing of it (in a secure way) or not even collecting it in the first place.

The days of ‘nice to have’ are gone. It must be ‘need to have’.

Having well-defined and understood ‘housekeeping’ practices in place is imperative to minimising the amount of data collected and stored.

The attached article is a good read for any business owner as a reminder to minimise data and of the value that brings.

Some key points in the article include:

  • Clients trust businesses to protect their data. It is becoming more critical than ever especially with the continued breaches hitting the headlines.
  • Businesses need to be more proactive and transparent with customers about how, where and why their data is used. Transparency and trust go hand in hand.
  • Clients want to know what they will get in return for sharing their information. It’s the old adage of “What’s in it for me?”.
  • Legislation changes targeted for 2nd half of 2019 will provide the Australian Privacy regulator (ie: OAIC) with significantly more powers and funding. Client and regulator expectations are rapidly rising.

Client trust

Not only do clients expect great products and services, they want their data managed and protected in the best possible way.

A survey conducted in 2018 of over 500 Australian SMBs (1) found :

  • 46% of SMBs responded their customers are increasingly opting out of data collection and sharing information, and
  • 49% of SMBs responded customer data is becoming increasingly critical for their day-to-day operations, and 60% to deliver more personalised services to ultimately grow their business.

Why ? Clients are losing confidence and trust in businesses to protect their data.

What to do ? Businesses (no matter what size) must be more diligent in maintaining their role as trusted custodians of their clients’ information to narrow this gap.

We are clients to many businesses and we expect this. So as business owners, why shouldn’t we deliver this to our clients ?

It’s imperative for your business to have sustainable and well-defined Privacy practices to minimise data and ultimately risk.

If you would like to know more about implementing a cost-effective and tailored Privacy Program, please contact me at Privacy Proactive.

https://www.bandt.com.au/opinion/brands-adopting-data-minimalism

[Source : (1) HP Australia IT Security Study conducted August to September 2018]

Protect your clients, protect your business

Recently, I had the opportunity to write an article for the ‘Northern Voice’, which is a fantastic monthly newsletter published by the Wyong Chamber of Commerce.

The topic was my pet subject – businesses need to protect their clients’ information. The article starts on page 12.

https://issuu.com/wyongchamber/docs/northern_voice_issue2_march2019/12

I would also encourage you to scroll through the rest of the ‘Northern Voice’ newsletter. The relevance of many topics goes well beyond the local area.

The key messages include :

  • Clients’ personal information is a critical asset of any business whether they need to comply with any Privacy regulations or not
  • A sustainable Privacy program will deliver a competitive advantage
  • Small businesses are becoming more vulnerable
  • Businesses must have a mindset of ‘when’ not ‘if’ a breach will occur
  • If a breach is not handled well, trust will be lost and potentially clients

Privacy Proactive delivers tailored solutions to enable businesses to manage their Privacy risks. If you would like to know more, please contact me.

Why conducting a post-Privacy breach review is critical

Businesses must reduce the likelihood of the same breach reoccurring.

How many breaches will your clients tolerate? In the event that a breach occurs and you do not deal with the repercussions adequately, your clients’ confidence and trust in your business will likely disappear and potentially lead them to take their business elsewhere.

In 2017, 43% of cyber-attacks in Australia targeted small businesses. Of those, 22% are now closed. The common thread to the closures was lack of trust and confidence in their information being protected.

Your business is the trusted custodian of your clients’ information. They expect it to be handled and protected appropriately.

It’s vital to fully investigate the cause of the breach and the existing conditions which allowed the breach to occur.

More than likely, the ‘existing condition’ has been a risk for some time. It is a weak point in your Privacy practices and an ‘open door’ for more potential breaches.

If you come to the decision that the breach will not cause serious harm to anyone and is not an eligible data breach, the reality is that you are still at risk and have an ‘open door’. It must be closed by conducting the Review process.

A well-structured Data Breach Notification (DBN) Plan will take you through the ‘Review’ process. The plan will step you through the investigation, documentation and remediation phases. It will go a long way to closing the door.

The key steps of the Review process within the DBN Plan include :

  1. Identify the existing condition that allowed the breach to occur
  2. Develop an Action Plan to minimise future breaches
  3. Implement all the actions and communicate to appropriate Stakeholders

Your DBN Plan is not complete until all actions have been implemented and key stakeholders updated.

Privacy Proactive specialises in developing tailored DBN plans for businesses. If you would like to know more, please contact me.

Your brand can be destroyed in a matter of moments by a poorly handled Privacy breach

In 2017, 43% of cyberattacks in Australia targeted small businesses. Of those, 22% are now no longer in operation.

The common theme regarding why these businesses closed wasn’t so much fines and compensation but lack of trust and confidence, resulting in loss of customers.

After many years of working tirelessly to build your brand, it can be destroyed within minutes.

The attached article is a must read for any business owner especially those handling personal information with privacy obligations.

Some key takeaways of the article include:

  • Social media is giving customers even more power to make or break a brand
  • Privacy regulations globally are becoming stricter and businesses are in a precarious position
  • Trust is vital to the bottom line and building customer capital, and can be insurance in a crisis
  • Transparency is key in collection and use of customer information, and the handling of a breach when it occurs
  • Businesses need to prioritise disclosure and transparency with customers
  • It is how organisations handle the breach from beginning to end that will have a lasting impact on customer trust and public perception
  • A well-handled breach can restore and even enhance brand reputation
  • Customers are becoming savvier and it’s the brands who can show what lengths they are going to, to protect their data that will succeed in the end.

Lastly, a great learning from the recent Marriott data breach. Although overall, they handled the breach reasonably well, their communication to customers lacked empathy and leadership. There was no expression of regret and most importantly, it did not appear to come from the top.

From a customer’s perspective, business leaders must take responsibility for the breach and be seen to be doing so.

Enjoy the read…..

https://www.cmo.com.au/article/651044/brand-reputation-why-marketers-need-making-data-security-priority/

Privacy Compliance can give your business that vital competitive edge

Meeting your Privacy obligations is the law. This is non-negotiable.

In addition to being compliant, it is a great opportunity for your business to grab hold of a vital competitive advantage. It could be just enough to get ahead of your competitors in a very tough business environment.

As a business, one of your most competitive and valuable assets is customer data.

However, customers are becoming more reluctant to share information due to a lack of confidence and trust in SMBs to protect their data. This can lead to a widening gap in the personal information customers provide, which can ultimately affect business success.

A survey conducted in 2018 of over 500 Australian SMBs (1) confirms this trend.

  • 46% of SMBs responded their customers are increasingly opting out of data collection and sharing information, and
  • 49% of SMBs responded customer data is becoming increasingly critical for their day-to-day operations, and 60% to deliver more personalised services to ultimately grow their business.

Building trust with your customers is key to narrowing this gap.

SMBs must be more diligent in maintaining their role as trusted custodians of their customers’ information.

Implementing a robust and sustainable Privacy program will go a long way in building customers’ trust and confidence. It will enable you to better manage and protect your Privacy risks.

[Source : (1) HP Australia IT Security Study conducted August to September 2018]

How a business handles a Privacy breach will have a lasting impact on customer trust.

Businesses must prepare as best as possible to minimise the likelihood of a breach, and just as importantly, minimise the damage of a breach when it occurs.

A well-prepared Data Breach Notification (DBN) plan will go a long way to minimising the impact of a breach.

Impact of poorly prepared responses to breaches

During 2017 in Australia, 43% of cyber-attacks targeted small businesses. Out of those, 22% have closed. The common thread for many of the closures was inadequate handling of the breach resulting in loss of trust and reputation, and ultimately loss of customers and revenue.

Large businesses also suffered breaches, and many did not handle the post-breach situation well (eg: PageUp, Cathay Pacific, Facebook, etc). There was significant room for improvement and a well-prepared DBN plan would have gone a long way to achieving this. The impact on large businesses may not be closure but certainly a significant dint in trust and reputation, on top of potential class actions, regulatory actions, and compensation.

Trust is a marketable brand asset of any business.

Businesses can give clients comfort and build their trust by treating their data with the utmost level of care, and by treating them with the respect they deserve when a breach occurs.

It’s a great business opportunity to gain that competitive advantage.

It could be just enough to ‘sway’ potential clients to come onboard or existing clients to ‘stay’ onboard.

Privacy Proactive can help your business prepare for a breach

At Privacy Proactive, we :

  1. Implement a tailored DBN plan aligned with your business needs
  2. Provide you support during a Breach
  3. Ensure any regulatory changes are built into your DBN plan immediately
  4. Review your DBN plan annually to make sure it’s current
  5. Provide DBN training annually to make sure everyone in your business understands the plan and their responsibilities

If you would like to know more about preparing for a Data Breach and how Privacy Proactive could help your business, please contact me.

Regardless of turnover, small businesses that handle Tax File Numbers (TFNs) have legal obligations to protect them.

This includes every employer.

The Australian Privacy Act 1988 (Cth) states “if a business is a recipient of TFN information it must comply with the Privacy (Tax File Number) Rule 2015 (TFN Rule)”.

Many small business owners assume they do not have any obligations under the Act on account of the size of their annual turnover. However, in these circumstances, small businesses do have legal obligations regarding privacy.

What is the Privacy TFN Rule 2015 ?

This rule regulates the collection, storage, use, disclosure, security and disposal of individuals’ Tax File Number information.

A breach of the TFN Rule under the Privacy Act could result in civil penalties and compensation for damages. Not to mention loss of trust and reputation, and possible loss of clients and revenue.

Individuals who consider their TFN information has been mishandled may make a complaint to the Privacy Commissioner.

Why is it important to protect TFNs ?

  1. They are unique identifiers which are issued to individuals for life.
  2. They could potentially be used by all TFN recipients as part of a national identification system.
  3. They could be used to match, or link records of personal information held by many different TFN recipients.

What does your business need to do ?

As TFN recipients, your business should at least :

  1. have clearly defined TFN policies and practices
  2. restrict access to records containing TFN information to only staff who need to handle this information
  3. ensure staff are fully aware of their responsibilities
  4. have appropriate security controls
  5. have plans to handle a breach when it occurs

If you would like to know more about the TFN Rule, your obligations and how Privacy Proactive could help your business, please contact me.

More Centrelink bungle sees private documents accidentally shared with Melbourne stranger

Human error is playing a significant part in Privacy Data Breaches in Australia.

Since the introduction of the Mandatory Notifiable Data Breach Scheme on 22/2/18, 51% of breaches reported have been due to human error.

How to minimise these ?

Ongoing training will start to build awareness and move towards ingraining the correct ‘habits’ into staff. It takes time and effort, but a well-developed training plan is a move in the right direction.

Read more….

http://www.abc.net.au/news/2018-06-25/centrelink-data-breach-sees-personal-documents-given-to-stranger/9906998

Senate backs push for GDPR-style data laws in Australia

The Senate backed a motion to strengthen the Australian Privacy Law to be more like the European Union’s recently introduced law (ie: GDPR). Interestingly, this same motion was knocked back in the Senate a few months earlier.

What has occurred in the meantime ? The Facebook – Cambridge Analytica data scandal.

More and more breaches are being, and will be, reported, putting pressure on governments all over the world to have stricter privacy laws in place to protect personal information.

South Korea, Japan and Brazil are already moving down this path. More will follow….including Australia.

Read more….

https://www.itnews.com.au/news/senate-backs-greens-push-for-gdpr-style-data-laws-490702?utm_source=mobile&utm_medium=email&utm_campaign=share