Do you have a handle on the personal information your business holds?

Businesses must be diligent in maintaining their role as trusted custodians of their clients' information. This should be one of the highest priorities within your business.

Building trust and confidence with one of your most valuable assets, your clients, delivers a competitive advantage that every business should grab hold of.

So, where do you start?

By understanding your Privacy responsibilities, and how you currently measure up against them.

At Privacy Proactive, we offer a free consultation to help you start gathering the relevant data to enable you to weigh up the risks and benefits.


Below are some of the discussion points we start with to get the ball rolling.

1) Does your business need to comply with any Privacy regulations?

You may need to comply not only with various Australian regulations but also with those of other jurisdictions, such as the European GDPR.

Even if your business is not required to comply, clients still expect their personal information to be protected.

2) Do you know where the personal information your business holds is stored?

To protect it, you need to know what information you have, where it is located and who has access to it.

3) Have all reasonable steps been taken to ensure an appropriate level of protection for the personal information you hold?

You can sleep better at night knowing you have done as much as you can. It may not be enough to avoid a breach but at least you have taken reasonable steps to minimise the likelihood.

4) Are you confident that the third parties who handle personal information on your behalf have taken all reasonable steps to protect it?

A 2018 survey in Australia found that 67% of business owners are not confident that the third parties handling their personal information are protecting it.

Is it any wonder there is a lack of confidence in the community?

5) Are your staff fully aware of their responsibilities when handling personal information?

Since the introduction of the Notifiable Data Breaches (NDB) scheme in Australia in February 2018, 35% of reported breaches have been due to human error. This figure does not include email phishing, which would push it closer to 60%.

6) Do you feel confident your business will not have a data breach ?

A few disturbing facts coming out of recent surveys in Australia:

    • On average, 9.5 days pass between a breach occurring and the stolen credentials being misused, yet it takes an average of 90 days to detect the breach. The horse has already bolted by then!
    • 53% of businesses have suffered multiple breaches.
    • 43% of cyber-attacks target SMBs: easier targets, less resistance. Of those SMBs, 22% have since closed.

Then there are the undetected breaches. How many of those? Anyone's guess.

7) Does your business have procedures to handle a Data Breach ?

A brand can be destroyed in a moment by a badly handled breach.

8) If you have a Data Breach, will your business survive ?

A breach impacts not only your business but also your lifestyle, family, clients and employees.

How did you go with the questions ?

If you have even the slightest concern about managing and protecting the personal information you hold, please contact me and we can discuss how to prepare your business.

Minimise data > minimise risk > build trust

Whether your business needs to comply with Privacy regulations or not, you have Privacy risk.

The more personal information collected and stored, the higher the risk to your business.

If data is not required by regulations, not required to provide products and/or services to your clients, employees, etc – then ask yourself, does my business really need this information? If not, then seriously look at disposing of it (in a secure way) or not even collecting it in the first place.

The days of ‘nice to have’ are gone. It must be ‘need to have’.

Having well-defined and understood 'housekeeping' practices in place is imperative to minimising the amount of data collected and stored.

The attached article is a good read for any business owner as a reminder to minimise data and the value it brings.

Some key points in the article include:

  • Clients trust businesses to protect their data. It is becoming more critical than ever especially with the continued breaches hitting the headlines.
  • Businesses need to be more proactive and transparent with customers about how, where and why their data is used. Transparency and trust go hand in hand.
  • Clients want to know what they will get in return for sharing their information. It’s the old adage of “What’s in it for me?”.
  • Legislative changes targeted for the second half of 2019 will give the Australian privacy regulator (the OAIC) significantly more powers and funding. Client and regulator expectations are rising rapidly.

Client trust

Not only do clients expect great products and services, they want their data managed and protected in the best possible way.

A survey conducted in 2018 of over 500 Australian SMBs (1) found:

  • 46% of SMBs reported that their customers are increasingly opting out of data collection and sharing, and
  • 49% of SMBs reported that customer data is becoming increasingly critical to their day-to-day operations, and 60% that it is critical to delivering more personalised services and ultimately growing their business.

Why? Clients are losing confidence and trust in businesses to protect their data.

What to do? Businesses (no matter what size) must be more diligent in maintaining their role as trusted custodians of their clients' information in order to narrow this gap.

We are clients to many businesses and we expect this. So as business owners, why shouldn’t we deliver this to our clients ?

It’s imperative for your business to have sustainable and well-defined Privacy practices to minimise data and ultimately risk.

If you would like to know more about implementing a cost-effective and tailored Privacy Program, please contact me at Privacy Proactive.

 [Source : (1) HP Australia IT Security Study conducted August to September 2018]

Protect your clients, protect your business

Recently, I had the opportunity to write an article for the ‘Northern Voice’, which is a fantastic monthly newsletter published by the Wyong Chamber of Commerce.

The topic was my pet subject: businesses need to protect their clients' information. The article starts on page 12.

I would also encourage you to scroll through the rest of the ‘Northern Voice’ newsletter. The relevance of many topics goes well beyond the local area.

The key messages include :

  • Clients' personal information is a critical asset of any business, whether or not it needs to comply with any Privacy regulations
  • A sustainable Privacy program will deliver a competitive advantage
  • Small businesses are becoming more vulnerable
  • Businesses must have a mindset of 'when', not 'if', a breach will occur
  • If a breach is not handled well, trust will be lost, and potentially clients too

Privacy Proactive delivers tailored solutions to enable businesses to manage their Privacy risks. If you would like to know more, please contact me.

Why conducting a post-Privacy breach review is critical

Businesses must reduce the likelihood of the same breach recurring.

How many breaches will your clients tolerate? If a breach occurs and you do not deal with the repercussions adequately, your clients' confidence and trust in your business will likely disappear, potentially leading them to take their business elsewhere.

In 2017, 43% of cyber-attacks in Australia targeted small businesses. Of those, 22% are now closed. The common thread to the closures was lack of trust and confidence in their information being protected.

Your business is the trusted custodian of your clients' information. They expect it to be handled and protected appropriately.

It’s vital to fully investigate the cause of the breach and the existing conditions which allowed the breach to occur.



More than likely, the 'existing condition' has been a risk for some time. It is a weak point in your Privacy practices, and an 'open door' through which further breaches can occur.

Even if you conclude that the breach is unlikely to cause serious harm to anyone and is therefore not an eligible data breach under the NDB scheme, the reality is that you are still at risk and still have an 'open door'. It must be closed by conducting the Review process.

A well-structured Data Breach Notification (DBN) Plan will take you through the 'Review' process. The plan steps you through the investigation, documentation and remediation phases, and will go a long way to closing the door.

The key steps of the Review process within the DBN Plan include :

  1. Identify the existing condition that allowed the breach to occur
  2. Develop an Action Plan to minimise future breaches
  3. Implement all the actions and communicate to appropriate Stakeholders

Your DBN Plan is not complete until all actions have been implemented and key stakeholders updated.

Privacy Proactive specialises in developing tailored DBN plans for businesses. If you would like to know more, please contact me.

Your brand can be destroyed in a matter of moments by a poorly handled Privacy breach

In 2017, 43% of cyberattacks in Australia targeted small businesses. Of those, 22% are now no longer in operation.

The common theme regarding why these businesses closed wasn’t so much fines and compensation but lack of trust and confidence, resulting in loss of customers.

After many years of working tirelessly to build your brand, it can be destroyed within minutes.

The attached article is a must read for any business owner especially those handling personal information with privacy obligations.

Some key takeaways of the article include:

  • Social media is giving customers even more power to make or break a brand
  • Privacy regulations globally are becoming stricter and businesses are in a precarious position
  • Trust is vital to the bottom line and building customer capital, and can be an insurance in a crisis
  • Transparency is key in collection and use of customer information, and the handling of a breach when it occurs
  • Businesses need to prioritise disclosure and transparency with customers
  • It is how organisations handle the breach from beginning to end that will have a lasting impact on customer trust and public perception
  • A well-handled breach can restore and even enhance brand reputation
  • Customers are becoming savvier and it’s the brands who can show what lengths they are going to, to protect their data that will succeed in the end.

Lastly, a great lesson from the recent Marriott data breach. Although overall they handled the breach reasonably well, their communication to customers lacked empathy and leadership. There was no expression of regret and, most importantly, it did not appear to come from the top.

From a customer’s perspective, business leaders must take responsibility for the breach and be seen to be doing so.

Enjoy the read…..

Privacy Compliance can give your business that vital competitive edge

Meeting your Privacy obligations is the law. This is non-negotiable.

In addition to being compliant, it is a great opportunity for your business to grab hold of a vital competitive advantage. It could be just enough to get ahead of your competitors in a very tough business environment.


As a business, one of your most competitive and valuable assets is customer data.



However, customers are becoming more reluctant to share information due to a lack of confidence and trust in SMBs to protect their data. This leads to a widening gap in the personal information customers are willing to provide, which can ultimately affect business success.

A survey conducted in 2018 of over 500 Australian SMBs (1) confirms this trend:

  • 46% of SMBs reported that their customers are increasingly opting out of data collection and sharing, and
  • 49% of SMBs reported that customer data is becoming increasingly critical to their day-to-day operations, and 60% that it is critical to delivering more personalised services and ultimately growing their business.

Building trust with your customers is key to narrowing this gap.

SMBs must be more diligent in maintaining their role as trusted custodians of their customers' information.

Implementing a robust and sustainable Privacy program will go a long way to building customers' trust and confidence. It will enable you to better manage your Privacy risks.

[Source : (1) HP Australia IT Security Study conducted August to September 2018]

How a business handles a Privacy breach will have a lasting impact on customer trust.

Businesses must prepare as best as possible to minimise the likelihood of a breach, and just as importantly, minimise the damage of a breach when it occurs.

A well-prepared Data Breach Notification (DBN) plan will go a long way to minimising the impact of a breach.


Impact of poorly prepared responses to breaches

During 2017 in Australia, 43% of cyber-attacks targeted small businesses. Of those, 22% have closed. The common thread for many of the closures was inadequate handling of the breach, resulting in loss of trust and reputation and ultimately loss of customers and revenue.

Large businesses also suffered breaches, and many did not handle the post-breach situation well (eg: PageUp, Cathay Pacific, Facebook). There was significant room for improvement, and a well-prepared DBN plan would have gone a long way to achieving it. For large businesses the impact may not be closure, but it is certainly a significant dent in trust and reputation, on top of potential class actions, regulatory action and compensation.


Trust is a marketable brand asset of any business.

Businesses can give comfort to clients and build their trust by treating their data with the utmost level of care, and by treating them with the respect they deserve when a breach occurs.

It’s a great business opportunity to gain that competitive advantage.

It could be just enough to ‘sway’ potential clients to come onboard or existing clients to ‘stay’ onboard.


Privacy Proactive can help your business prepare for a breach

At Privacy Proactive, we:

  1. Implement a tailored DBN plan aligned with your business needs
  2. Provide you support during a Breach
  3. Ensure any regulatory changes are built into your DBN plan immediately
  4. Review your DBN plan annually to make sure it’s current
  5. Provide DBN training annually to make sure everyone in your business understands the plan and their responsibilities


If you would like to know more about preparing for a Data Breach and how Privacy Proactive could help your business, please contact me.

Regardless of turnover, small businesses that handle Tax File Numbers (TFNs) have legal obligations to protect them.

This includes every employer

The Australian Privacy Act 1988 (Cth) states  “if a business is a recipient of TFN information it must comply with the Privacy (Tax File Number) Rule 2015 (TFN Rule)”.

Many small business owners assume they do not have any obligations under the Act on account of the size of their annual turnover. However, in these circumstances, small businesses do have legal obligations regarding privacy.

What is the Privacy (Tax File Number) Rule 2015?

This rule regulates the collection, storage, use, disclosure, security and disposal of individuals’ Tax File Number information.

A breach of the TFN Rule under the Privacy Act could result in civil penalties and compensation for damages. Not to mention loss of trust and reputation, and possible loss of clients and revenue.

Individuals who consider their TFN information has been mishandled may make a complaint to the Privacy Commissioner.

Why is it important to protect TFNs ?

  1. They are unique identifiers which are issued to individuals for life.
  2. They could potentially be used by all TFN recipients as part of a national identification system.
  3. They could be used to match, or link records of personal information held by many different TFN recipients.

What does your business need to do ?

As a TFN recipient, your business should at least:

  1. have clearly defined TFN policies and practices
  2. restrict access to records containing TFN information to only staff who need to handle this information
  3. ensure staff are fully aware of their responsibilities
  4. have appropriate security controls
  5. have plans to handle a breach when it occurs
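Points 2 and 4 above (and question 2 earlier on this page: knowing where the personal information you hold is stored) both start with locating the records that actually contain TFNs. The script below is an added example, not code from Privacy Proactive or from the Privacy Act; it scans records for nine-digit TFN-shaped numbers, applies the published TFN check-digit test (weights 1, 4, 3, 7, 5, 8, 6, 9, 10; the weighted sum must be divisible by 11) to discard phone numbers and invoice ids, and masks the genuine hits so that exports and tickets handed to staff who do not need the TFN carry only the last three digits. The file names and record contents are constructed for the example; older eight-digit TFNs are assumed out of scope and are not matched.

```python
import re
from typing import Dict, List, Tuple

# Weights for the published TFN check-digit algorithm (nine-digit TFNs):
# sum(digit_i * weight_i) must be divisible by 11.
TFN_WEIGHTS = (1, 4, 3, 7, 5, 8, 6, 9, 10)

# Candidate: nine digits, optionally grouped as "nnn nnn nnn" or "nnn-nnn-nnn",
# and not embedded in a longer run of digits (so a 10-digit phone number is skipped).
TFN_CANDIDATE = re.compile(r"(?<!\d)(\d{3})[ \-]?(\d{3})[ \-]?(\d{3})(?!\d)")


def is_valid_tfn(digits: str) -> bool:
    """Return True if the nine-digit string passes the TFN check-digit test."""
    if len(digits) != 9 or not digits.isdigit():
        return False
    total = sum(int(d) * w for d, w in zip(digits, TFN_WEIGHTS))
    return total % 11 == 0


def find_tfns(text: str) -> List[Tuple[str, bool]]:
    """Return every nine-digit candidate in the text with its checksum result."""
    results = []
    for m in TFN_CANDIDATE.finditer(text):
        digits = "".join(m.groups())
        results.append((digits, is_valid_tfn(digits)))
    return results


def redact_tfns(text: str) -> str:
    """Mask checksum-valid TFNs, keeping the last three digits for reconciliation.

    Candidates that fail the checksum (invoice numbers, account ids) are left as-is.
    """
    def _mask(m: "re.Match[str]") -> str:
        digits = "".join(m.groups())
        if is_valid_tfn(digits):
            return "*** *** " + digits[-3:]
        return m.group(0)
    return TFN_CANDIDATE.sub(_mask, text)


def scan_records(records: Dict[str, str]) -> Dict[str, int]:
    """Map each record name to the number of checksum-valid TFNs it contains."""
    return {
        name: sum(1 for _, ok in find_tfns(body) if ok)
        for name, body in records.items()
    }


# Constructed sample records (hypothetical file names, made-up content).
# 123 456 782 passes the check digit; 123456789 and 200300400 do not;
# 0412 345 678 is a ten-digit phone number and is never a candidate.
SAMPLE_RECORDS = {
    "payroll_export.csv": "Jane Citizen,123 456 782,Accounts\nJohn Smith,123456789,Sales\n",
    "support_ticket_4412.txt": "Customer called from 0412 345 678 about invoice 200300400.\n",
}

if __name__ == "__main__":
    for name, count in scan_records(SAMPLE_RECORDS).items():
        print(f"{name}: {count} valid TFN(s)")
    print(redact_tfns(SAMPLE_RECORDS["payroll_export.csv"]), end="")
```

Treat the hits as leads for a manual review rather than a final inventory: the checksum removes most random nine-digit numbers but roughly one in eleven of them will still pass, so a record flagged here should be checked by someone who is authorised to see it before it is moved, locked down or securely disposed of.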

If you would like to know more about the TFN Rule, your obligations and how Privacy Proactive could help your business, please contact me.

More Centrelink bungle sees private documents accidentally shared with Melbourne stranger

Human error is playing a significant part in Privacy Data Breaches in Australia.

Since the introduction of the Notifiable Data Breaches scheme on 22 February 2018, 51% of the breaches reported have been due to human error.


How to minimise these ?

On-going training will start to build awareness and move towards ingraining the correct ‘habits’ into staff. It takes time and effort but a well developed training plan is moving in the right direction.



Senate backs push for GDPR-style data laws in Australia


The Senate recently backed a motion to strengthen Australian privacy law to bring it closer to the European Union's recently introduced law, the GDPR. Interestingly, the same motion had been knocked back in the Senate a few months earlier.

What happened in the meantime? The Facebook and Cambridge Analytica data scandal.

More and more breaches are and will be reported putting pressure on governments all over the world to have stricter privacy laws in place to protect personal information.

South Korea, Japan and Brazil are already moving down this path. More will follow….including Australia.
