When privacy breaches are in the media, it can be embarrassing for businesses. But don’t make the mistake of thinking that’s the extent of it, or that a breach isn’t of the upmost importance for your organisation, writes Privacy Commissioner Michael Webster.

Privacy breaches can rock people’s confidence about how their personal information is managed, which means reduced trust in your business and what you offer.

 In our recent annual privacy survey66% of respondents said they would consider changing service providers if the provider had poor privacy and security practices. If you’re not looking after people’s personal information well, your consumers are highly likely to shop around for someone who will.

 As well as having a potential impact on your bottom line, privacy breaches can lead people to ask if the places they shop at, use for personal services, or interact with, care about their personal information.

It’s not just the breach itself that can impact people’s opinions, but also the notification process…

 It’s not just the breach itself that can impact people’s opinions, but also the notification process. Do the people impacted feel like they’re being kept informed about what happened and why? Perhaps most importantly, are they told what’s being done to stop it happening again?

Michael Webster.

 If people don’t feel you’re doing a good job in communicating, managing and fixing the problem, it can lead to more questions about whether you’re the right place for them to trust with their information. It’s far easier to keep people’s trust and confidence than try and restore it later.

We saw an example of the impact of big privacy breaches late last year, with the Manage My Health cyber incident…

We saw an example of the impact of big privacy breaches late last year, with the Manage My Health cyber incident impacting the health information of nearly 100,000 New Zealanders.

 The scale of this breach itself was concerning, but health information is seen as especially precious. If even sensitive health information can be hacked, then it can lead to questions about how other types of personal information is managed.

 This, and other privacy breaches in the health sector, look to have dented people’s confidence, with our privacy survey showing 56% of people have concerns about the security of their health information.

 Privacy breaches are bad for business. When they happen, when you see another business’s name in the media, take the time to read about the causes and ask, could the same thing happen to me? 

 While the Manage My Health Inquiry goes more into the specific causes of the breach, there are broader issues that will resonate with many businesses, and which should lead you to ask questions:

  •  Do I have the right security in place to stop cyber-attacks?
  • How quickly could I tell that a major breach has occurred and what would that look like?
  • How long would I take to respond?
  • How am I managing third party providers?
  • Are my contracting arrangements, risk assessment protocols, and due diligence practices fit for purpose, or do I need to check them again now?

 There are lessons here for everyone, and I’ll go into more detail in future columns, but this breach is a reminder that we all need to work to stop breaches happening, and that if we don’t take privacy seriously, then we risk losing a lot. 

Michael Webster is New Zealand’s Privacy Commissioner.

Visited 150 times, 1 visit(s) today

Close Search Window