Are you adequately protecting your customers’ information?

A business can be at risk of litigation if it uses customers’ personal information improperly or without enough care. With most businesses now storing at least some customer information online, it is essential to know what you can do to protect your customers’ privacy by keeping this information secure.

The Australian Privacy Principles in Schedule 1 of the Privacy Act 1988 (Cth) (Privacy Act) require businesses to take reasonable steps to protect the personal information they hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. This includes the proper destruction or de-identification of personal information when it is no longer needed.

Businesses must comply with the Australian Privacy Principles if they have an annual turnover of more than $3,000,000 or if they meet any of the following criteria:

  • they are a health service provider
  • they trade in personal information, e.g. by buying or selling a mailing list
  • they are a contractor that provides services under a Commonwealth contract
  • they are a reporting entity for the purposes of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth)
  • they operate a residential tenancy database
  • they are a credit reporting body
  • they have opted in to be covered by the Act.

Businesses that properly protect their clients’ personal information are not only protecting themselves against litigation, but are also positively influencing their customer relationships.

Customers who believe a business is acting professionally and ethically in terms of their personal information are more likely to build trust and commitment towards a business.

Here are our tips to protect your customers’ information, foster a feeling of trust, and protect against litigation:

  1. Restrict access

Limit employee access to customer data to a “need to know” basis, so that sensitive information is only accessible to those within the organisation whose role requires it. Review that access whenever staff change roles or leave.

  2. Educate

Make sure that all employees are properly trained in your business’s privacy policies, processes and procedures. This should include training on how to recognise suspicious (phishing) emails and how to report them.

  3. Lock computers and use strong passwords

Ensure that all computers are protected with strong passwords and are always locked when unattended. This includes physically securing any laptops that contain sensitive information, and encrypting their disks so that a lost or stolen laptop does not itself become a data breach.

Make sure that all passwords that protect sensitive information are strong, meaning they are long (length matters more than the number of symbols), include numbers or symbols, and are unique to each system rather than reused. A password manager makes long, unique passwords practical for staff.

  4. Provide privacy notices

Provide all customers with a privacy notice explaining exactly what information you collect, why you require it and how you will handle it, and ensure that your actual practices match what the notice says.

  5. Appoint a privacy professional

Everybody in an organisation has a role in making sure that customers’ privacy is protected, but there should be a senior member of staff who is responsible for the privacy of the company as a whole. This person should know the internal policies of the business and its responsibilities under the Privacy Act, and ensure that both are complied with.

  6. Layer your e-security

Ensure that you have multiple layers of protection on your website and internal systems: firewalls, up-to-date antivirus software, two-factor authentication, prompt installation of security updates, and other layers of protection, so that no single failure exposes customer data.

  7. Have a data breach plan

All companies should have a data breach response plan that all employees are aware of and that sets out who must be notified and by whom. Affected customers should be told when their information has been compromised, and businesses covered by the Privacy Act may also be required to notify the Office of the Australian Information Commissioner under the Notifiable Data Breaches scheme where a breach is likely to result in serious harm.

Rolf Howard, Managing Partner, Owen Hodge Lawyers