How to protect privacy in your business

Privacy Awareness Week 2016

In the second part of our Privacy Awareness Week feature, we look at how businesses can improve their privacy-protection measures.

The Shred-it 2016 Australian Security Tracker, conducted on behalf of Shred-it by Ipsos, reveals SMEs need to better understand the risks of leaving information lying around and the responsibilities they have in protecting the privacy of their customers and employees.

Good privacy practice begins with understanding the information lifecycle, having enforced and trusted procedures to destroy virtual, electronic and physical information no longer in use, and implementing information-security policies.

SMEs need to review their protocols and procedures, and their employees’ understanding of, and compliance with, them.

It’s likely you have sensitive information in your files that includes personal information such as name, address, telephone number, bank account details and opinions. Unless you take steps to properly protect this information, you can open the door to loss, identity theft and even criminal fraud.

Here are ten simple steps to protect privacy in your business:

1. Take stock: Establish what types of confidential information your business holds.

2. Scale down: Keep only the information you need for your business. The Australian Privacy Principles dictate that personal information should only be gathered and used for legitimate purposes and should not be kept beyond its useful life.

3. Lock it up: Make sure information you hold is kept secure at all stages of its life, whether in electronic or hard copy.

4. Plan ahead: Create a crisis response communications and operations management plan to use in the event a security breach does happen.

5. Shred-it-all policy: Shred all paper documents when no longer needed to reduce the risk of error associated with employees having to choose between the shredder and the recycling bin. Make sure you use a secure and documented shredding process conducted by security experts.

6. Clean Desk Policy: Keep desks clean and be more productive! In addition to managing information security risk from human error, a clear desk area assists better employee organisation, while providing peace of mind for you and your customers.

7. Stay informed: Keep in the know about the current information security laws and regulations that impact your business, and how to stay compliant.

8. Educate and enforce: Train employees regularly on your business’s information security policies, spanning online, electronically stored and physical information to ensure they are clear on how to handle and dispose of confidential information. A well-trained workforce is essential to protecting your organisation from a potentially damaging data breach.

9. Limit access: Set permission levels on who can access certain types of confidential information. Only authorised personnel should be able to view or handle confidential information.

10. Create a retention policy: Determine which documents you must keep and for how long. Clearly mark a destruction date on all records in storage and remember that the retention of some documents for a minimum period of time may be a legal requirement in itself.

SMEs will continue to face new challenges to protect what matters to them. By staying one step ahead and applying and enforcing preventive measures, SMEs will do right by the private information that they come in contact with, uphold the integrity of that data and ultimately the reputation of their business.

William White, National Sales Manager, Shred-it Australia