Coming Soon

The 2FA Show On-demand security-based streaming content. A new initiative from KBI:

Why Renewal of Your Privacy Practice is Critical
by Jo Stewart-Rattray

It is without doubt that the COVID-19 pandemic forced some of the most significant changes in society, business and workforce practices in the last century. With billions of consumers and workers driven online, businesses adapted and accelerated their digital strategies. As staff worked remotely and scammers capitalised on the explosion of e-commerce, so, too, were weaknesses in privacy strategies exposed.

Following this time of great change and in a rapidly growing digital economy, the review and renewal of an organisation’s privacy program is critical. So, what are some of the ways an organisation can build and refresh for a more robust and adaptable privacy program?

Step 1 – Implement a Privacy Program Review

The first step towards renewal is a thorough review of an organisation’s current position. Such audits can include a privacy:

  • Risk Assessment
  • Impact Assessment
  • Self-assessment
  • Audit/assessment and,
  • Evaluation of the Number and Type of Incidents

 

Step 2 – Understand New Legal, Regulatory and Privacy Obligations

Regular reviews ensure that a privacy program addresses both the current and evolving landscape driven by complex legislation and regulations across the jurisdictions the business may operate in, as well as the privacy and security risks associated with new technologies and changing business practices.

Beyond privacy legislation requirements, organisations should also regularly review how they can best protect and meet growing customer expectations.

 

Step 3 – Resourcing Skilled Teams

Staffing effective privacy (and security) teams requires a range of skills including security, compliance and legal expertise, experience in privacy frameworks and controls, hands-on experience in a privacy role, and security and technical expertise in current and emerging technologies and applications. Most organisations in Australia are small to medium size enterprises and will not have dedicated privacy teams, which is where the security and privacy functions in an organisation often converge.

The current shortage of skilled staff present challenges for hiring managers but a range of creative solutions may help resolve this issue:

  • Retrain suitable candidates from other departments within the organisation
  • Offer inhouse career development opportunities to lift hands-on experience
  • Sponsor professional accreditation, education and training
  • Fund ongoing reskilling and training programs

 

Step 4 – Privacy by Design

Organisations that implement privacy by design go beyond compliance-driven privacy programs. When implementing this best practice in data privacy and compliance, organisations are more highly regarded and trusted by customers, shareholders and board of directors.

Some additional privacy and security controls that go beyond legal requirements include:

  • Encryption
  • Identity and Access Management
  • Data Security
  • Data Loss Prevention
  • Incident Response Plan
  • Policy Management
  • Third-party Risk Management
  • Cryptographic Protection
  • Data Minimisation and Retention
  • Data Quality and Integrity
  • Use Limitation
  • Pseudonymisation

 

Privacy is never going to be a set and forget investment for business just as security is not. New challenges will appear. Old ones will morph and evolve. Governments will implement new legislation and regulations to address new technologies and practices. Community expectations will demand more. The organisation that either has the skills and resources to adapt to the privacy challenges ahead, or that recruits appropriate and credentialed third parties as and when required, will thrive and survive.

 

More information?

Privacy in Practice 2022 report, sponsored by OneTrust.

 

Jo Stewart-Rattray

Jo Stewart-Rattray Information Security Advisory Group, ISACA Vice President - Community Boards, Australian Computer Society Director, National Rural Women’s Coalition Jo has over 25 years’ experience in the security industry. She consults in risk and technology issues with a particular emphasis on governance and IT security in businesses as a Director with BRM Advisory. She regularly provides strategic advice and consulting to the banking and finance, utilities, healthcare, manufacturing, tertiary education, retail, and government sectors.