INTOUCH: Private parts

Private parts

When New Zealand’s Privacy Commissioner recently moved to close website link that inadvertently provided easy access to the private details of 1000s of Mount Ruapehu ski pass holders, it should have rung warning bell for all business organisations.
“We’re going through revolution in how businesses are collecting, storing and transacting information and it’s revolution that has crept up on people,” says Privacy Commissioner Marie Schroff. “Businesses need to think of information, particularly private information about customers or employees, as business asset and that asset needs to be risk managed in the same way you would any other substantial asset of your business. And people need to wake up to the information century and information revolution.”
Right now would be good time because May 3-9 has been declared “Privacy Awareness Week” with New Zealand joining an international effort to focus keener attention on the need and means to keep private data from prying eyes. Larger organisations are more on the ball but many small to medium businesses may not even realise that, by law, all agencies need to appoint privacy officer.
It doesn’t have to be big deal, says Schroff.
“It’s just that if you do hold lot of personal information in your organisation then you need to look at assigning the responsibility for being aware of where and how it’s held and whether it’s being used and protected properly.”
The reality is that there’s now heap more data floating around in digital form and it’s more vulnerable to being hacked, hi-jacked or inadvertently dispersed. For example, digital cameras, personal storage devices or blackberries can all be fairly easily misplaced and the personal information stored on them accessed.
The emerging phenomenon of “cloud computing” – where business might run their HR or accounting functions via an on-line software provider – adds to the growing vulnerability of personal data. So-called “deep packet inspection” where data can be investigated during transmission is another area of privacy concern.
Businesses that aren’t aware of such issues risk breeching privacy regulations and suffering both financial and reputational fallout. It’s less an issue of compliance as just plain business sense, says Schroff.
“Our view is that privacy and business go hand in hand – ensuring that privacy is respected is good for business and builds customer and employee trust. And we do think business is catching on to that.”
Organisations do need to ask themselves how much personal information they hold, how well is it protected, do they have good policies and processes in place to deal with it and whether staff know how to handle those processes. Most breeches occur by accident rather than design, notes Schroff.
The Privacy Commission has put together booklet called “privacy and work – guide to the privacy act for employees and employers” as well as pamphlet explaining why “good privacy is good business”.
During privacy week, the Commission will be releasing the results of its survey on the use of portable storage devices, and launching two on-line initiatives. new Privacy Officer Forum provides space for the discussion of privacy issues, and “plain English” version of privacy principles six and seven is designed to help both those wanting to find out what information company holds on them and the companies to respond appropriately.

For more information visit or Visited 4 times, 1 visit(s) today

Close Search Window