Training your staff
Privacy awareness should be a central focus in your business because it encourages positive business practices and can also help to reduce the risk of liability.
Any internal training should also deal with issues such as:
- handling privacy complaints, access to information requests and correction of information requests;
- when staff should be providing privacy notification statements;
- how your staff should deal with unsolicited personal information;
- the circumstances under which your staff will have to de-identify or destroy personal information;
- the importance of not accessing customers’ personal information unnecessarily;
- identity authentication procedures and the need to avoid inadvertent disclosures when verifying an individual’s identity;
- the importance of password protection (such as avoiding weak passwords, changing passwords regularly, not using the same password to access multiple systems and not providing passwords to others or sharing passwords);
- logging out of computers when they are not in use; and
- the need to report any privacy breaches or suspected privacy breaches to your business’ privacy officer.
What resources are available?
The website of the Office of the Australian Information Commissioner has an array of factsheets, tools and information to assist your business to train your staff on privacy obligations and how to deal with them.
Why does it matter?
Failure to comply with the APPs may lead to penalties of up to $1.7 million (for corporations) and up to $340,000 (for individuals) where the failure amounts to a serious or repeated interference with a person’s privacy.
If you do not think that your staff are currently aware of, and comply with, your privacy obligations, we recommend that you take reasonable steps to train them on privacy issues. The tips in this article are not exhaustive, and you should consult the APP guidelines or contact us for more information.
Privacy Awareness Week
This article is the final article in our series on handling personal information as part of Privacy Awareness Week. As an official partner of the Office of the Australian Information Commissioner’s privacy awareness campaign, Cooper Grace Ward has published a series of articles that relate to:
- how your business can collect personal information;
- how your business can engage in direct marketing;
- how your business should handle requests to access and correct personal information;
- the importance of a social media policy; and
- how your business can organise internal privacy awareness and training.