Data Privacy – Need to Reduce your Risk?
The recent breach at Optus of customers’ personal information has revealed an uncomfortable but widely known truth among privacy professionals: a lack of internal oversight and invisibility of privacy vulnerabilities poses a far bigger risk than any big, bad external hacker. Secure gateways and best-in-breed firewalls cannot mitigate fully the risks of open doors, poorly classified data sets, improper disposals, or unintentional disclosures. While privacy compliance requirements are complex, increasingly the Government and regulatory bodies such as the OAIC are signalling that what may have once been considered a lapse in judgement is now viewed as negligence. Customer expectations are increasing, and the ongoing cost of reputational damage alone can vastly outweigh the cost of immediate breach response and mitigation actions. Those in oversight positions – particularly at the board level – should be asking themselves do I know what personal information we hold, how we store it, and for what purpose?
Our Doll Martin Associates brand provides privacy advice which helps organisations answer these questions. As the company that wrote the NSW Government privacy guidelines and assessment tools, you have access to deep and practical data privacy knowledge. We use those answers to develop privacy strategies that result in demonstrable improvements in the protection of personal information and sensitive data. We have performed broad-scope reviews into Government large agencies to identify which root causes have led to poor privacy practices and data breaches. We have worked with projects to not only perform privacy impact assessments but also to understand their role and how privacy by design can be built into design and development processes. We have developed data management strategies that have allowed organisations to minimise the volume and type of personal information they collect, shedding considerable complex risks by doing so. Our aim at Doll Martin Associates is for organisations to not only meet their privacy compliance requirements but to realise privacy-positive practices as a business benefit, which proactively builds trust between them and their customers.
Need help, consider this as a starting point:
- Data Privacy Assessment and Risk Management
- Data Policy and Management Review
- Privacy and Data Protection Strategy
- Data Governance Maturity Assessment
- Data breach response, recovery and recommendations
Please get in touch if you want to know more about our privacy and data protection services.