10 steps businesses should take to safeguard data

What steps should your clients take to ensure they're ready for Australia's new privacy legislation? Read on to find out.

Insurance News

By

Yesterday, Insurance Business reported that the Privacy Commissioner was expected to take a hard line on organisations that fail to live up to the requirements of new legislation - and that corporates are amongst the worst-prepared for the regime.

So, what should your clients – and you – be doing to safeguard data (other than obtaining cyber insurance, of course)? Here's IT consultant Protiviti's top ten tips to become compliant with the 13 Australian Privacy Principles.

10 steps businesses should take to become APP-ready
  1. Identify the classes of personal information collected and held.  Examples include: contact details, employment history, educational qualifications, racial or ethnic origin, Tax File Numbers, health information
 
  1. Identify how such information is collected, held, used and disclosed, and the purposes for which it is collected and used
 
  1. Identify the scope of any cross-border disclosures including where possible, the countries where recipients are likely to be located
 
  1. Review and update procedures and policies for managing the privacy risks at each stage of the lifecycle of this information, including at the time of collection, use, disclosure, storage and destruction
 
  1. Implement security systems for protecting the information from misuse, interference, loss and unauthorised disclosure, such as IT systems, internal access controls and audit trails
 
  1. Implement procedures for identifying and reporting privacy breaches and for receiving and addressing complaints
 
  1. Implement access and correction procedures
 
  1. Introduce procedures to give individuals the option of not identifying themselves or of using a pseudonym
 
  1. Establish a process to conduct a privacy impact assessment for any new projects where personal information will be handled
 
  1. Establish governance mechanisms to ensure ongoing compliance with the APPs such as appointing designated privacy officers and regular reporting to the board and management.

For more on the cyber risk and privacy landscape, see issue 3.1 of Insurance Business, arriving on desks early March.

 
 

LATEST NEWS

AIG general insurance chair to retire
INSURANCE NEWS

AIG general insurance chair to retire

Gallagher announces merger with trade credit insurance broker
INSURANCE NEWS

Gallagher announces merger with trade credit insurance broker

Taming the stallions in professional risks
INSURANCE NEWS

Taming the stallions in professional risks

GB’s specialised offerings fight mental health challenge
CLAIMS

GB’s specialised offerings fight mental health challenge

icare extends support following Westfield Bondi Junction incident
LIFE & HEALTH

icare extends support following Westfield Bondi Junction incident

Keep up with the latest news and events

Join our mailing list, it’s free!