From May 1-7, 2023, the world is observing Privacy Awareness Week, a global initiative to promote the significance of privacy protection.
As businesses of all sizes collect and store increasing amounts of personal data, small and medium-sized enterprises (SMEs) need to be aware of their privacy rights and obligations to protect their customers’ personal information.
This year’s theme, “Back to Basics – Privacy Foundations in NSW”, is a reminder for SMEs to review their privacy policies and practices to ensure they are up to date and aligned with regulatory requirements. SMEs can safeguard sensitive customer data and prevent cyber threats by implementing basic privacy measures, such as encryption and access controls.
Privacy Awareness Week provides a valuable opportunity for SMEs to educate their employees and customers about privacy protection and establish trust and credibility with their stakeholders. By prioritising privacy and investing in robust data protection measures, SMEs can build a strong reputation and competitive advantage in the marketplace.
We’ve gathered insights from top technology experts in various industries, including data management and cybersecurity, to provide commentary on protecting privacy for businesses.
Denham Pinder, Head of Banking and Financial Services, ANZ at Cognizant
“In 2023, companies are facing increased calls to incorporate high levels of data privacy into their consumer data gathering systems. We have all heard about data-driven strategies, yet we continue to see unsecured data that is seemingly easily accessed by those with malicious intentions. Given data breaches’ significant impact on consumers, the need for stringent data governance processes is critical.
“Key aspects of privacy, security, retention, customer access and control are just some of the considerations companies need to take into account when transforming their digital ecosystems.
“For me, retention is pivotal because personal data should be kept for no longer than is necessary and for the purpose for which it was collected. The lack of enforceable policies relating to retention only increases the overall risk in the business.
“Understanding this, digital transformation programs must include privacy considerations through features such as privacy by design, data minimisation and robust security measures. By proactively and continuously developing operating models that protect and value consumer data, businesses will be able to give themselves the best chance to protect themselves and their data.”
Craig Bastow, Sales Director ANZ at Commvault
“Reflecting back on the past year, Australian businesses have become concerningly aware of the impact ‘cyber-attack’ and ‘data breach’ can cause to their business reputation and revenues. With the increase in security risk comes the rise of new cyber technologies, techniques and legislations as businesses seek to strengthen their institutions. However, in line with Privacy Awareness Week’s theme ‘back to basics’ it’simportant businesses aren’t getting caught up in the hype, and remembering that strong foundational data practices are what help make businesses resilient and drive continuity.
“The first step? Discover your data. According to a recent survey, 57% of CIOs aren’t aware of where some or all of their data is being stored or whether it’s being protected. With the amount of data being generated every day, data discovery is an important foundation businesses need to implement to prevent the loss or exposure of sensitive data.
“Then, backup. Backups are one of the first practices we relate to data security, and should be taking place on a very regular basis within businesses, irrespective of how small or big your business is. With data being generated at unbelievable speeds, a business’s data can look very different from one week to another. Without regular backups, restored data might not resemble the current state of a business at the time of an attack.
“Having modernized, scalable and flexible solutions safeguarding your data can make all the difference during a cyber-attack. Just as businesses start to get ahead of data regulations and requirements, they must get their data strategy in place, underpinned by next-gen data management capabilities, which can not only support today’s business growth but can also adapt to the multitude of legislations that are coming our way in the years ahead.”
Luke Power, Managing Director ANZ at Trellix
“There’s no doubt privacy is a priority – and with Privacy Awareness Week upon us it’s an opportune time to remind ourselves of this responsibility. We often assume that protecting privacy is someone else’s job, but the truth is that each of us has a critical role to play. Whether we have access to personal information or are involved in building products that handle data, we must all safeguard it.
“The key to successful privacy programs lies in empowering all employees to take responsibility for protecting data. We must all understand our basic privacy obligations and actively advocate for ethical and appropriate use of personal information. When privacy becomes a shared responsibility, and everyone is committed to upholding it, we can build a culture where data privacy is not just a compliance obligation but a core value.
“This Privacy Awareness Week, let’s renew our commitment to data privacy and take action to create a safer digital environment for all. By going back to the basics and instilling the importance of privacy in every aspect of our lives, we can ensure that everyone’s fundamental rights are respected and protected.”
Andrew Black, Managing Director at ConnectID
“As we recognise Privacy Awareness Week, the protection of personal information is more top of mind than ever, calling for a much-needed shift in our mindset to better value privacy. For businesses, there are four key elements to consider as they embark on their journey to better privacy.
“First and foremost, data minimisation is crucial. Businesses need to re-evaluate the amount of data they collect, store and manage to better understand whether it is a true necessity for their operation and compliance or if it is an unused liability.
“The second element is reducing or eliminating new data silo repositories. By avoiding setting up new databases and leveraging on established systems such as banks, we reduce the number of locations that need to be protected meaning there are fewer targets for hackers to exploit.
“Consent is the third consideration and a more recent trend for businesses to offer end users. To foster trust between businesses and customers, there needs to be transparency as to what the data is used for and visibility across who’s responsible for protecting the information. This is becoming more possible with the adoption of CDR-like technologies.
“The final aspect to consider is defining overarching rules that govern the use of the system and personal information including privacy protections, liability management, and operational processes to support fraud management and ID recovery.
“In a world where our daily lives are tethered to digital services, customers need to be handed back control of their data and be given the privacy they deserve.”
Keep up to date with our stories on LinkedIn, Twitter, Facebook and Instagram.
