Privacy protection is everyone’s business

Privacy Awareness Week 2016

This week Australia observes Privacy Awareness Week (PAW), which promotes and raises awareness of privacy protection issues and the importance of protecting personal information. The Office of the Australian Information Commissioner (OAIC) is reminding individuals and businesses about ‘Privacy in your hands’ and their responsibility to protect personal information.

New research shows that privacy protection is an area that needs more attention from SMEs. The Shred-it 2016 Security Tracker research, conducted on behalf of Shred-it by Ipsos and drawing on responses from over 1100 Australian businesses, reveals that SMEs lag behind their larger counterparts in understanding information-security requirements and implementing good privacy protection practices.

Privacy at risk

Deceptively simple actions, such as leaving paperwork containing client information on your desk or throwing old invoices in the recycling bin, could potentially have a damaging impact on your organisation. Leaked confidential information can not only hurt a company’s reputation but also put it on the wrong side of the law.

The research shows that Australian SMEs are at risk of damaging data breaches due to inconsistent knowledge of information security risks from everyday workplace behaviours and poor implementation of security policies and protocols. It reveals that:

  • 46% of SMEs recognise human error or accidental loss by an employee as the biggest security risk.
  • However, almost a third – 29% – had either never trained their staff on information-security policies or didn’t have these policies in place.
  • A further third – 33% – of SMEs said they had no documents that would cause their business harm if stolen, despite the fact that all businesses deal with confidential information such as employee records, customer information and other personal, financial and proprietary company data.

Information security policies necessary to minimise risks

A staggering one quarter – 25% – of SMEs claim to rarely or never audit their organisation’s information-security procedures or protocols.

Implementing workplace policies such as a clean desk policy and a Shred-it All policy, and ensuring staff are trained on them, will minimise the risk of staff leaving documents in plain sight whilst away from their desks or failing to dispose of all sensitive information securely. However, this is not a widespread practice, with only 23% of SMEs having a formal clean desk policy.

The research also revealed a lack of understanding and education among SMEs on the broader implications of a data breach:

  • 40% of small business owners said an information breach would not have a serious impact on their business despite data breaches costing Australian businesses an average of AU$2.82m*
  • While 43% of SMEs claim to be ‘very aware’ of the legal requirements of storing, keeping or disposing of confidential data in their industry, there remains ambiguity over potential fines for lost or stolen confidential information under Australia’s Privacy Act.
  • Only 12% of SMEs are aware that there are financial costs associated with a data breach, suggesting a need for clarity of legal obligations for businesses.

There is an urgent need for SMEs to understand the responsibility they have towards the private information of their business, customers and employees.

Keeping confidential data secure must be a key business priority and all employees must fully understand their role in handling information and disposing of it at the end of its useful life. An educated workforce is one of the first steps to ensuring your organisation is protected from data thieves.

Not sure where to start? In Part 2 next week, we will share tips on how to protect the privacy of your business.

William White, National Sales Manager, Shred-it Australia

* Ponemon Institute, Cost of a Data Breach