
Breaking silos: Building a cross-team privacy culture

24 June 2025

3 min read

#Data & Privacy

Published by:


In today’s interconnected workplace, personal information flows through almost every part of an organisation. Whether it's HR managing employee-related data, marketing teams handling customer data, or finance processing payment details, privacy risks exist far beyond the IT department.

With further privacy law reforms on the way and regulators increasingly joining forces to target data breaches and poor security practices, organisations need to move beyond siloed thinking and adopt a coordinated, whole-of-business approach.

How each team plays a role in privacy protection

Good privacy practice relies on teamwork across the whole organisation, from the boardroom to the frontline. Each department needs to understand how its role interacts with the information it handles and what it can do to protect the business and the personal information it holds:

  • the executive and board – set the tone and ensure a culture of privacy and compliance
  • marketing – obtain and manage consent for marketing communications
  • customer service – handle personal data carefully when assisting clients or customers
  • finance – protect customer and supplier financial information
  • IT – secure systems and safeguard data against breaches
  • HR – manage and protect employee personal information
  • procurement – assess third-party privacy risks and include data protection requirements in agreements
  • legal – advise and protect against legal risks related to privacy.

New Privacy Foundations tool helps organisations assess privacy maturity

The Office of the Australian Information Commissioner (OAIC) has released a Privacy Foundations self-assessment tool to help businesses evaluate their existing privacy practices. The tool involves two steps – a questionnaire and an action planning phase based on the responses. It then provides practical recommendations to help embed stronger privacy practices into day-to-day processes.

While it is not a substitute for a full privacy impact assessment or compliance check with the Privacy Act 1988 (Cth), the tool is a good starting point for organisations to review their current approach and to improve their privacy posture.

How can businesses adopt a privacy culture across teams?

Teams should always be working together to provide each other with input on why they need to collect personal information, how they are notifying individuals of this collection, how they are using and disclosing personal information and what steps are being taken to secure it.

Each time a new project arises that involves the use of personal information, the relevant teams should come together and assess the privacy risks of the project. This collaboration will facilitate a holistic view of the proposed information flows, and the protection points required.

At the other end of the spectrum, good privacy cultures also encourage teams to think about what data they are continuing to hold and whether they are still legally required to hold it or if it's otherwise still required for the purposes it was collected. Holding Redlich has developed a ‘data audit matrix’ to help each function of your business analyse the data they collect, use, hold and disclose. Contact us here to receive the free tool.

As Australia’s privacy laws continue to evolve, now is the time for businesses to stop thinking of privacy as someone else’s job. Privacy is a whole-of-business issue – not just a compliance issue.

If you have questions about your privacy risks and strategy, please get in touch with our team below.

Disclaimer
The information in this article is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, we do not guarantee that the information in this article is accurate at the date it is received or that it will continue to be accurate in the future.
