Are you meeting your clients privacy expectations?

If your organisation is collecting personal information about people; be that staff, customers or vendors, you have responsibilities as it relates to the information you hold on them.

---

Every organisation has obligations under the privacy act and it's easy to not meet those obligations when it comes to technology and IT systems.  Let's say you have a customer database, or you have a payroll system, or perhaps a system that your clients login to, well you now have information about people and now you have obligations around how you are collecting that information, looking after that information and destroying it.

The Privacy Commission has a great site describing your obligations here, worth a read!  You'll see there are 13 principles that need to be considered.  All of this raised a bunch of questions right?

What do you need to look at to understand whether you have to make some changes and where would those changes be? 

​Who gets in trouble if I'm found to be in breach of the privacy act?

Is it just about computer systems?

If I'm using a cloud system, have they sorted all my privacy issues for me?  

What if it just a spreadsheet we store on our office 365?  

Are there extra rules depending on the type of data I'm storing (e.g. Health)?  

So now that you know you might have a problem how do you solve it? 

Let's unpack some of these things but the good news there is a great tool that you can use to assess any dataset / system for its compliance with the 13 principles in the privacy act! That great tool? A Privacy Impact Assessment or PIA.  This is a document that looks at various areas to help you assess whether you are treating your data in accordance with the Privacy Act and helps you identify additional actions you need to take to get into compliance. 

So what do we need to look at?  There are five areas around a data set / system:

• What data are you collecting?  Is it personal information, is it health information?
• What processes are around the collection and processing of the data?  
• Where is the data stored? How is it moved between systems or from the client to you?
• What contracts or agreements do you have in place for data collection?  Do the people know you are collecting the data? How are you letting them know
• How are you keeping it safe? Technology and processes around your data?

​
All a little overwhelming right?  Well...
​

The good news!

Resolution8 has been writing Privacy Impact Assessment with our clients since we started, we know what we are doing and can help you with your challenges.  We offer fixed priced privacy impact assessments, so reach out to us and we can help you workout if you need to complete a PIA or perhaps your all good!

​[email protected]
0508 737 658
Or
[email protected]
021 391 313