The exponential growth of the Internet and electronic facilities has heightened concerns about people’s privacy. Some governments have tried to address the problem by introducing new privacy laws. Australian legislation in 2001, for example, required most businesses to rethink how they collect and use information about clients and customers. Even if you’re not affected by formal legislation at this stage, it is in your own interests (and those of others) to review the way information is collected and used in your organisation…

1. Review how you collect and use data in your business.

Most difficulties associated with the expected use of personal information can be overcome by obtaining individuals’ consents when any information is collected. The main privacy concern for most people is whether and how their information is being accessed by organisations other than the one undertaking the collection. Be open about planned usage. If, for example, information being collected will be used by a contractor to whom a particular project has been outsourced, individuals should be informed of your plans as they affect the information provider. Individuals have every right to know who has access to their personal information.

2. Create a privacy policy for your organisation.

Policies are useful management tools. A privacy policy encourages you to outline in detail the ways in which individuals’ privacy is protected in the day-to-day activities of your organisation. A privacy policy helps prepare you to be able to respond to requests from individuals to inform them what sort of information about them you hold, for what purposes, and how you use and disclose that information. In Australia, the National Privacy Principles (NPPs), under the Commonwealth Privacy Act, stipulate a need for organisations to be able to provide a privacy policy on request.

3. Appoint a privacy officer in your organisation.

An increasing number of issues will continue to be associated with individuals’ rights to privacy and the ways in which information is collected and used. It makes good sense, therefore, to appoint a person whose responsibilities will include issues of privacy. This person’s role will deal with key issues such as use and disclosure of information, data quality, data security, individuals’ access to and correction of personal information, maintaining individuals’ anonymity, and ensuring individuals’ consents have been obtained for collecting any information considered to be ‘sensitive’.

4. Check your marketing and IT initiatives.

Many of the issues of privacy – data security, for example – are linked to marketing and IT. Your privacy policy will need to set out the requirements of both areas to comply with any legislation or organisational demands. Your marketing and IT personnel should be made aware of individuals’ rights to access any information held about them. If the size and scope of your marketing and IT activities are large, a formal audit may be appropriate. This could require new or upgraded software, particularly in the interests of data security.

5. Collect only the information you need.

If you don’t need particular information, don’t collect it. Recent concern for individual privacy should result in more succinct requests for information that make it clear to the provider the need, or your intention, for the information collected. Take, for example, your company’s website. Many websites collect needless information. In many instances, it is only after the information is collected that decisions are made about what to do with the information. Websites should be under continuing review, not only for updating content and visual appeal but also regarding the type and quality of information being collected. Data quality – its accuracy and completeness – must receive the continuing attention it deserves.

6. Analyse critically others’ requests for information.

You, too, will be the recipient of requests to provide information – telesales, mail lists, etc. When in doubt, check any current legislation regarding the manner in which information is being collected. The collector must be prepared to respond to your request to inform them what sort of information it holds, for what purposes, and how it collects, holds, uses, and discloses that information. The collector’s response will help you to refine further your organisation’s collection procedures. Do not underestimate the public relations impact of perceived non-compliance. Research continues to show the importance of ethical behaviour in building customers’ confidence in dealing with an organisation.

7. Make secure any information you collect.

Data security can involve misuse, loss, or unauthorised access. Employees who don’t need access to personal information – about colleagues or customers – must be prevented from accessing databases containing that information. ‘Need-to-know’ information is different from ‘nice-to-know’. Institute internal security measures to eliminate the possibility of open access. Again, while legislation is likely to address this issue, it is a further example of sound management practice establishing the boundaries of acceptance. Similarly, unauthorised external access must be denied.

For more information about career and success, Contact Us at Global Training Institute. At GTI we are passionate about helping people succeed and achieve their career and life goals. GlobalTraining Instituteis aRegisteredTraining Organisation and offers accredited online training in the areas ofManagement,Business, Civil Construction,Local Government, Governance, Mining, LeadershipandProjectManagement.

View our full list of qualifications and short courses.

For more information about online training, career advancement and success, please Contact Us, or email [email protected] and call 1800 998 500.