The last year has seen huge changes in the privacy and data protection landscape, some that were foreseeable and some that may have caught businesses and individuals by surprise.
The introduction of the Notifiable Data Breach scheme last February caused many companies to review their preparedness for a breach, and was also a huge workload for the regulator, the Office of the Australian Information Commissioner (OAIC).
The quarterly reports issued by the OAIC on notified breaches make instructive reading and tell a story of two streams – cyber security risk and human error.
This suggests companies need as much investment in technology as they do in their people, which is an ongoing issue as people move, change and need constant training.
The advent of the European Union General Data Protection Regulation (GDPR) has seen many organisations swamped with documentation from contractual counterparties seeking to ensure their supply chain is GDPR compliant. This has caused headaches for many Australian businesses whose Privacy Act compliance was light in any event.
A recent Deloitte survey indicated worldwide only three per cent of surveyed businesses thought the GDPR did not apply to them, that means 97 per cent coverage, which may have been an unexpected territorial reach.
The EU has signalled its intent to enforce the GDPR both within and beyond the EU and the consequence is Australian businesses cannot be complacent.
EU data supervisory authorities are also being overwhelmed with complaints from citizens and businesses are reporting a huge increase in requests for personal information from individuals.
All of this means privacy related issues need to take a seat at the executive team table and be actively managed and also be seen to be treated seriously. How the privacy and data protection function is staffed and who is responsible is another question many businesses large and small are grappling with.
Tie this in with cyber strategies, information security, social media and the human element and it is a significant challenge.