7 steps to prepare your organisation for changes to Australia’s privacy legislation

1 month ago AndyC

Another benefit is that it saves money.  Not on disk space which can nearly be considered free at this stage, but many CDPs and other SaaS applications have a charging model based on the amount of data (customer records) that you hold.

[…]

7 steps to prepare your organisation for changes to Australia’s privacy legislation

Another benefit is that it saves money.  Not on disk space which can nearly be considered free at this stage, but many CDPs and other SaaS applications have a charging model based on the amount of data (customer records) that you hold.  That company I helped had a significant reduction in their CDP licensing cost post clean-up.

  1. Develop and manage a consent framework for new data, and de-identify where you can

Rely more on first-party data that you collect yourself.  Inform customers when you collect that data, and what you will use it for.  Inform them of this collection, prior to gathering it.  If you have new uses for the data, seek further consent or de-identify the data. 

For the latter, one such technique involves encryption of identifiers which allows different datasets to be linked together for analysis, but still obscure the original data. Another technique is homomorphic encryption, where a data owner encrypts a dataset, sends to the cloud (or another server) for processing, the server processes the data without decrypting, and sends the encrypted results back to the owner – who is the only party able to decrypt the results.

  1.  Drive partner accountability

Who are you sharing data with, and what do they do with it?  Are they always using your customers data in a way that is consistent with the promises you made?  Review your contracts and agreements in your partner ecosystem and hold them accountable.  “It is a condition of doing business with us that you have a mutually acceptable attitude to privacy (and modern slavery, and ethical sourcing, and ….).

  1. Ensure your breach notification plan exists, and is up to date

Have you conducted a boardroom wargame, simulating a data breach?  Have you repeated it in the last 12 months?

  1. Educate your teams, and support people who raise issues

‘Jidoka’ is a principle in Lean that was started by Toyota.  A key principle of Jidoka is that anyone can raise an issue, and in reality, stop the production line.  In many organisations I have worked in, stopping all production would be career suicide, however in Toyota this first step in the process is for the manager to find the employee who initiated the stop, and say “Thank you”.  This drives a culture of Quality first.  Only by thanking and rewarding those who raise privacy concerns can we drive a Privacy-first culture.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , ,

More Stories

5年で15年のIT変革を推進する

5年で15年のIT変革を推進する

25 mins ago AndyC
Where’s the ROAI?

Where’s the ROAI?

25 mins ago AndyC
Innovative data integration in 2024: Pioneering the future of data integration

Innovative data integration in 2024: Pioneering the future of data integration

25 mins ago AndyC
Are You the Type of Player Who Makes IT Happen?

Are You the Type of Player Who Makes IT Happen?

3 hours ago AndyC
Businesses lack AI strategy despite employee interest — Microsoft survey

Businesses lack AI strategy despite employee interest — Microsoft survey

3 hours ago AndyC
5 use cases for how Generative AI can supercharge document productivity across the enterprise

5 use cases for how Generative AI can supercharge document productivity across the enterprise

6 hours ago AndyC

You may have missed

Australian Payments Plus creates first CISO role

Australian Payments Plus creates first CISO role

16 mins ago AndyC
<div>US eyes curbs on China's access to AI software behind apps like ChatGPT</div>

US eyes curbs on China’s access to AI software behind apps like ChatGPT

16 mins ago AndyC
<div>UniSuper's Google Cloud environment was deleted</div>

UniSuper’s Google Cloud environment was deleted

16 mins ago AndyC
Why you should use the cloud to secure your cloud

Why you should use the cloud to secure your cloud

16 mins ago AndyC
Cranium unveils industry-first AI Exposure Management Solution

Cranium unveils industry-first AI Exposure Management Solution

16 mins ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.