Privacy Week (13-17 May) is a great time to consider the importance of privacy and to help ensure you and your company have good privacy practices in place, writes Privacy Commissioner Michael Webster.
This year’s theme for Privacy Week is Busting Privacy Myths, one of which is that privacy is primarily a risk prevention exercise, with the focus being on trying to stop things like privacy breaches and data hacks from happening.
Prevention is hugely important as the financial and reputational damages can be huge. For example, in March 2023, Latitude Financial suffered a massive cyber-attack resulting in a data breach, with an estimated 14 million customer records, including around one million New Zealand customers, being exposed. Latitude has said the cyber-attack had cost it A$76 million (securityweek.com).
As vital as risk prevention is, it doesn’t tell the full story of why businesses should make sure their privacy practices are in order, as it misses the benefits side of the equation.
The Privacy Act enables New Zealanders to have trust in the companies and government services they use every day. Once trust and confidence are lost, it’s very difficult to get back.
“70% of respondents said they would likely change service providers if they heard theirs had poor privacy and security practices…”
Research shows privacy breaches cost businesses in many ways. In a recent survey conducted by my office, 70% of respondents said they would likely change service providers if they heard theirs had poor privacy and security practices.
A recent Talbot Mills Research survey focusing on cyber security, found 71% said they would consider no longer dealing with a company if it lost their data in a cyber-attack.
If your staff, customers, and clients, have trust and confidence in you as an organisation, and in how you go about your business, then that creates ‘permission space’ for you to take opportunities, to try new ways of doing things.
Losing that trust and confidence through privacy breaches will, I suggest, undermine efforts to be innovative and to improve productivity.
Think about how you would feel if the personal information you had entrusted with a company was now out in the public realm. You may think it’s not that bad if your address, phone number and email address are gained, but what about health information, your income or bank details, or material that includes facts about your family – you’re quite likely going to feel extremely aggrieved.
Data is such a quintessential element of our work now, that management and consideration of privacy concerns need to be as important as health and safety protocols or robust financial reporting. Privacy is important and getting it wrong can have profound consequences.
During Privacy Week the Office of the Privacy Commissioner is running a series of free online talks and conversations covering a range of topics and also has its Australian counterparts on board to discuss consumer advocacy in the privacy sphere.