
Privacy Compliance

August 26, 2024

For small and medium-sized businesses, even a minor cyber security incident can have devastating impacts. Our research shows that in the 2022-23 financial year, the average cost of cybercrime for a small business increased to $46,000. For medium businesses, the average cost in the same period is reported to be $97,000.


With businesses holding so much information about their customers and employees, every business needs to be aware of how it handles both confidential and sensitive information.

When employees join a company, they provide personal, health and financial data. Australian businesses must comply with the privacy and data protection laws that apply to them. The Privacy Act 1988 sets out the framework for the collection, use, and disclosure of personal information.


Key compliance considerations related to privacy and data protection include: 

  • Data Security: Small businesses often exchange personal information via email. While convenient, it is not the most secure method. Password-protecting forms (and sending the password through a separate channel, never in the same email), sharing access-controlled links rather than attachments and, where appropriate, implementing online systems can all improve data security. We understand the balance your business needs to achieve, but implementing appropriate security measures to protect employee data from unauthorized access, loss, or misuse is essential.


  • Consent and Disclosure: Ensuring that employees’ personal information is only used for the purpose for which it was collected is critical. Businesses need to obtain consent before disclosing personal information; this includes sharing personal mobile numbers that are not publicly available, and providing information for a reference check after employment has ended. Any disclosure must comply with your policies and the legislation. In today’s social media driven world it is also important to ensure that you have employee consent to use their image and/or voice for promotional purposes. We highly recommend that your consent process covers both the period of employment and the period after it, so that you do not need to remove historical references and photos when an employee resigns.


  • Data Breach Notification: Even if you are not technically required to comply with the Notifiable Data Breaches scheme, it is worth considering what you would do and how you would handle a breach. If your business is involved in one, having an idea or, better, already documented procedures makes life easier: you will know who to notify and which authorities to contact (for entities covered by the scheme, that means the affected individuals and the Office of the Australian Information Commissioner).


This area of compliance continues to develop as the risks escalate. If you have questions, please reach out to Impact HR at info@impacthr.com.au or on 1300 474 672. 
