The Office of the Australian Information Commissioner’s insights from its 2021-22 Assessment Program, recently published in Information Matters through its Privacy Professionals’ Network (29/04/2022), list the following four steps that you should be taking:
- clearly document and regularly review your practices and procedures to ensure you outline the measures that are in place to manage privacy risks;
- implement regular and mandatory refresher privacy training for staff. This is an important part of entities’ privacy programs. Best practice is annual refresher training for all staff (including contractors and short-term staff);
- regularly review and test data breach response plans to ensure their plans are up to date and staff know what actions they are expected to take in the event of a data breach. It is also important that entities proactively monitor audit logs to help identify unauthorised access and disclosure of personal information;
- clearly document the operational relationship between your privacy and cyber security teams, as well as the roles and responsibilities of each business area. This will facilitate a coordinated response in the event of a suspected or actual cyber security incident or an eligible data breach.
How many can you tick off?
I especially like No. 2. When did you last conduct refresher training for your staff? If you’ve not done it recently, you might like to register for the WorkAccord / The Recruiters’ Casebook webinar on 3 May 2022, when we’ll be Talking Privacy and What Recruiters Need to Know.
Andrew C. Wood