Are you in control of your customer data?

1 September 2021


An OAIC report in 2020 found that 70% of Australian adults consider the protection of their personal information to be a major concern in their lives. With consumer happiness and trust affecting the bottom line, customer concerns become business concerns.

In Australia, 539 notifiable data breaches were reported in the six months to December 2020. This is an increase of 5% on the number of notifications from January to June of the same year. This rise may be attributable to the introduction of remote working arrangements in response to the COVID-19 pandemic.

This increase in the number of data breaches and cyberattacks shows how valuable the personal data of your customers held in your systems has become.

To protect this data from misuse, your organisation is required to take active measures to ensure the security of the personal information it holds.

What is Personal Information?

The Australian Privacy Act 1988 defines personal information as information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not; and
  • whether the information or opinion is recorded in a material form or not.

In practice this covers any information that, used alone or combined with other data, can reasonably identify an individual.

The Privacy Act separates personal information into two main categories:

Personal Information

This category includes information about a person's private or family life (e.g. name, date of birth, phone number and address), information about a person's work and personal habits (e.g. employment details and work address), photographs and IP address data, and other direct identification documents such as a driver's licence.

Sensitive Information

Sensitive information is personal information that includes information or an opinion about an individual's:

  • racial or ethnic origin
  • political opinions or associations
  • religious or philosophical beliefs 
  • trade union memberships or associations
  • sexual orientation or practices
  • criminal record
  • health or genetic information

Data protection laws for Personal Information

To protect consumers, Australia has implemented data protection laws that set out how businesses may collect, store and share customers' personal information.

These laws set out an organisation's obligations regarding the information it collects: how it may be used, how it must be stored and secured, how it may be shared, and an individual's right to access the information held about them.

Privacy Act

The Privacy Act 1988 is Australia's legislation governing the handling of personal information about individuals in the public and private sectors.

The Notifiable Data Breaches scheme sits under the Privacy Act. It requires a business that experiences a data breach of personal information which poses a serious risk to notify the affected individuals and the Office of the Australian Information Commissioner (OAIC).

Adopting Personal Information compliance

Do you know where Personal Information is located in your systems, and how it is linked to specific individual customers?

An IDG Research Services survey commissioned by Insight Enterprises found that only 57% of organisations conducted a data security risk assessment in 2020.

It's essential that your organisation keeps the information it holds under control and secure in order to meet its privacy obligations and avoid the risk of unnecessary reputational damage and potential fines. This requires a full review of the data held across your systems, software and tools, a process known as data mapping.

Why should you take customer privacy seriously?

Customer privacy is a complex issue for your business and for your customers. Setting up systems to protect your customers' personal information, keeping those systems up to date, and communicating your data processes openly and clearly to your customers can all seem daunting and expensive.

It's no longer enough simply to secure your data, as privacy can affect your business in three ways.

So, how can you respect the privacy of your customers?

Use the 'golden rule of data privacy': treat your customers' and prospects' data the way you would like your own personal data to be treated. This is a strong foundation for your security and data handling.

What about data security with your business partners?

With collaboration through partners now commonplace, it's critical to question how your partners treat your customer data. A partner is any outside organisation that has access to your systems and to the personal information you hold, from service providers such as brand and marketing strategists and data and analytics partners, to certified app developers for conversion optimisation or fraud and risk management.

You are looking for partners that have the same level of respect and transparency for customer data as your own organisation. It's important that your partners, especially those located in a different country, follow the required privacy and data handling compliance when they gather, store and link your data in their systems. More information can be found here in the Privacy Act 1988.

What are some of the security tools to safeguard your customers' information?

Just like you, etika takes the handling of the information we hold seriously. We use a range of measures and reasonable steps to protect our clients' personal information from misuse, loss and unauthorised access, modification and disclosure. Data security practices are changing all the time, but can include technologies such as the following:

Data Discovery and Classification – locating all the data an organisation holds and classifying it according to its value to the organisation, so that it can be protected in proportion to the risk of improper exposure.

Data Encryption – using a combination of hardware and software-based data encryption to secure data before it is written to the drive.

Data Loss Prevention (DLP) – preventing data from leaving the corporate network.

Dynamic Data Masking – masking data in real time so that the requestor sees only an obscured version of the sensitive values, while the original stored data is left unchanged.

User & Entity Behaviour Analytics (UEBA) – technology that baselines normal user and system activity and flags suspicious deviations from that baseline before a breach occurs.
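The list above names the controls only briefly. The following example, added here for illustration and not etika's own code, shows how two of them fit together in practice: a classifier discovers personal information by field name and by scanning free text for patterns, and a dynamic masking layer then serves each requestor a view appropriate to their role while the stored record is never modified. The schema fields, roles, clearance levels, patterns and the sample customer record are all constructed for this example.

```python
import re

# Classification levels ordered by sensitivity (constructed scheme for this example).
PUBLIC, PERSONAL, SENSITIVE = 0, 1, 2
LEVEL_NAME = {PUBLIC: "public", PERSONAL: "personal", SENSITIVE: "sensitive"}

# Known schema fields and their classification (constructed example schema).
FIELD_CLASS = {
    "name": PERSONAL, "email": PERSONAL, "phone": PERSONAL,
    "date_of_birth": PERSONAL, "address": PERSONAL, "ip_address": PERSONAL,
    "health_notes": SENSITIVE, "union_membership": SENSITIVE,
}

# Content patterns used to discover personal data hiding in free-text fields.
# The phone pattern is a rough Australian format (leading 0, ten digits, optional
# spaces or dashes); a production scanner would use a vetted detection library.
PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "phone": re.compile(r"\b0[2-9](?:[ -]?\d){8}\b"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}

# Who may see what (constructed roles): fields at or below a role's clearance are
# returned raw; personal data above it is masked, sensitive data is redacted.
ROLE_CLEARANCE = {"marketing": PUBLIC, "support": PERSONAL, "privacy_officer": SENSITIVE}

# Constructed sample record; the notes field contains personal data the schema does not declare.
SAMPLE_RECORD = {
    "customer_id": "C-1001",
    "name": "Jane Citizen",
    "email": "jane.citizen@example.com",
    "phone": "0412 345 678",
    "date_of_birth": "1985-04-12",
    "notes": "Called from 203.0.113.7, asked to update jane.citizen@example.com",
    "health_notes": "Allergy information on file",
    "loyalty_tier": "gold",
}


def classify_field(field, value):
    """Classify one field: trust the schema first, otherwise scan the content."""
    if field in FIELD_CLASS:
        return FIELD_CLASS[field]
    if isinstance(value, str) and any(p.search(value) for p in PATTERNS.values()):
        return PERSONAL  # undeclared field found to carry personal data
    return PUBLIC


def classify_record(record):
    """Data discovery step: map every field of a record to a classification name."""
    return {f: LEVEL_NAME[classify_field(f, v)] for f, v in record.items()}


def mask_email(value):
    local, domain = value.split("@", 1)
    return local[0] + "***@" + domain          # j***@example.com


def mask_phone(value):
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - 3) + digits[-3:]  # keep last three digits only


def mask_dob(value):
    return value[:4] + "-**-**" if re.fullmatch(r"\d{4}-\d{2}-\d{2}", value) else mask_generic(value)


def mask_generic(value):
    # Keep the first character of each word so support staff can still confirm identity.
    return " ".join(w[0] + "*" * (len(w) - 1) for w in value.split())


def mask_free_text(value):
    """Mask only the discovered personal data inside free text, leaving the rest readable."""
    value = PATTERNS["email"].sub(lambda m: mask_email(m.group()), value)
    value = PATTERNS["phone"].sub(lambda m: mask_phone(m.group()), value)
    return PATTERNS["ipv4"].sub("***.***.***.***", value)


def mask_value(field, value):
    if field == "email":
        return mask_email(value)
    if field == "phone":
        return mask_phone(value)
    if field == "date_of_birth":
        return mask_dob(value)
    if field in FIELD_CLASS:
        return mask_generic(value)
    return mask_free_text(value)


def mask_for_role(record, role):
    """Dynamic masking: build a new view for the requestor; the stored record is untouched."""
    clearance = ROLE_CLEARANCE[role]
    view = {}
    for field, value in record.items():
        level = classify_field(field, value)
        if level <= clearance:
            view[field] = value
        elif level == SENSITIVE:
            view[field] = "[REDACTED]"
        else:
            view[field] = mask_value(field, value)
    return view


if __name__ == "__main__":
    print(classify_record(SAMPLE_RECORD))
    for role in ROLE_CLEARANCE:
        print(role, mask_for_role(SAMPLE_RECORD, role))
```

The point worth noticing is the notes field: the schema does not declare it as personal information, yet the scan finds an IP address and an email address in it, so it is classified and masked accordingly. This is exactly the kind of data that a purely schema-driven approach misses, and why discovery must look at content as well as column names.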

Our tips for finding an eCommerce data security provider

According to the IDG Research Services survey commissioned by Insight Enterprises, only 27% of respondents expanded their security staff in 2020. If your technical team is already pushed to its limit, you may be considering an external organisation for data security.

Here are some factors to consider when choosing a data security provider:

There's no hiding from cybersecurity in the eCommerce world. Protecting your customers' data should be a top priority for your business and the responsibility of everyone in the company.
