Privacy needs to be a year-round activity, as the implications of poor privacy practice are simply too significant to ignore. By Privacy Commissioner Michael Webster.
We often hear from organisations about how successful our annual Privacy Week was in engaging interest and encouraging people to learn more. That’s great, but then there can be a struggle to move beyond this and embed the importance of privacy across an organisation.
Privacy deserves and needs more than one week in the sun, so how do you entrench privacy into your organisation so that it’s just not something we think about only one week a year, but every week of the year?
Most organisations know the link between good privacy practices and business success. We know the importance of preventing data breaches and helping eliminate the financial and reputational harm they can cause, and we understand that treating personal information as sacrosanct will help build customer trust.
But how do we make this real, how do we get people to buy in to the importance of privacy?
One tactic is to get Privacy Week to do the heavy lifting and build a supporting platform around it. Having a dedicated privacy focus provides the base to develop ongoing interest and move people towards incorporating privacy into their personal and professional lives.
“Maintaining momentum is key…”
Maintaining momentum is key; unless the interest and awareness of privacy is followed up with an ongoing focus then you risk losing impetus and people not applying what they’ve learnt.
Training plays a key role; encourage people to do the free e-learning modules on our website privacy.org.nz. There many other learning and professional development opportunities to explore too.
Many places get their new staff to do privacy modules, but usually it’s one of many topics being learnt, and unless that knowledge is tested again it risks being lost. Think about how you embed privacy into your ongoing training and learning practices.
“Get talking across your business about privacy issues like employee browsing, data security and reporting privacy breaches…”
Get talking across your business about privacy issues like employee browsing, data security and reporting privacy breaches. Raise these topics at all-staff meetings, commission intranet stories and have presentations and Q&As from your privacy officer and do it regularly.
It’s standard procedure to get staff to change passwords and ensure their new passwords are strong and secure. It’s also good practice to educate staff to be wary of opening links and attachments from people they don’t know. A good idea is to run practice sessions to try and catch people out so you can then support them with education.
But you can go further and encourage people to learn more about cybersecurity from places like CertNZ, which has information on cyber security and common threats like Ransomware and Phishing. Both Cert NZ and Netsafe also have material on avoiding scams and keeping safe online.
Promoting good privacy practice and taking steps to prevent privacy breaches will benefit your organisation and your clients. Privacy needs to be a year-round activity, as the implications of poor privacy practice are simply too significant to ignore.
Michael Webster is New Zealand’s Privacy Commissioner. Recordings of the Privacy Commission’s Privacy Week presentations and its e-learning modules are at www.privacy.org.nz
