A business can be at risk of litigation if it uses customers’ personal information improperly or without enough care. With most businesses now storing at least some customer information online, it is essential to know what you can do to keep this information secure.
The Australian Privacy Principles in Schedule 1 of the Privacy Act 1988 (Cth) (Privacy Act) require businesses to protect the information they hold from misuse, interference, unauthorised access or unauthorised modification. This includes the proper disposal or de-identification of personal information when it is no longer needed.
Businesses must comply with the Australian Privacy Principles if they have an annual turnover of $3,000,000 or if they meet any of the following criteria:
- They are a health service provider
- They are trading in personal information, i.e. buying or selling a mailing list
- They are a contractor that provides services under a Commonwealth contract
- A reporting entity for the purposes of the Anti-money Laundering and Counter Terrorist Act
- An operator of a residential tenancy database
- A credit reporting body
- Businesses that have opted to be covered by the Act
Businesses that ensure proper protection of their clients’ personal information are not only protecting themselves against litigation, but are also positively influencing their customer relationship management.
Customers who believe a business is acting professionally and ethically in terms of their personal information are more likely to build trust and commitment towards a business.
Tips for Protecting Customer Information
Businesses can use these tips to protect their customers’ information, foster a feeling of trust, and protect against litigation.
Limit employee access to customer data to a “need to know” basis. This will ensure that sensitive information is only accessed by those within the organisation who need it.
Make sure that all employees are properly trained in your business’s privacy policies, processes and procedures. This should include training on how to pick up on suspicious emails and how to report them.
Lock computers & use strong passwords
Ensure that all computers are protected with strong passwords and are always locked when not attended. This includes properly locking up any laptops that contain sensitive information.
Make sure that all passwords that protect sensitive information are strong, meaning they are long, include numbers or symbols and are unique.
Provide privacy notices
Provide all customers with a privacy notice explaining exactly what information you require, why you require it and how you plan to handle this information, and ensure that you stick to these outlines.
Everybody in an organisation has a role in making sure that privacy of consumers is protected, although there should be a senior member of staff who is in charge of the overall privacy of the company. This professional should know the internal policies of the business and their responsibilities under the Privacy Act and ensure that both are complied with.
Layer your E-Security
Ensure that you have multiple layers of protection on your website and internal systems. This means installing firewalls, antivirus software, two-level authentication, and other layers of protection.
Have a data breach plan
All companies should have a data breach response plan that all employees are aware of. All employees and clients should be notified if there is a data breach.
Get help from us
At Owen Hodge Lawyers, we are always happy to work with employers to ensure that your workplace is protected from any rapidly developing online security risks, including how to make sure that you are protecting your customers’ information.
In the event that you find yourself in need of assistance with work-related issues, please don’t hesitate to contact the offices of Owen Hodge Lawyers. At Owen Hodge, we are always happy to assist clients in understanding the full ramifications of any legal needs. Please feel free to call us at your earliest convenience to schedule a consultation on 1800 770 780.