I don’t know about you, but every day I open emails and articles about data security and our obligations in business. \u00a0 It’s feeling a little overwhelming, but on closer inspection, most of the conversation is pretty sensible.<\/p>\n
The headlines have been\u00a0 the data breach legislation in Australia and the GDPR in the European Union.\u00a0 That resulted in a swath of updates to business terms and conditions, and its something we will all have to think about as well.\u00a0 It’s not an IT issue, it is a business issue.\u00a0 I can’t think of any businesses that don’t hold some personal data about people that needs to be respected.\u00a0 At the least it would be names and phone numbers of staff, suppliers and frequent customers.\u00a0 Many businesses have more, subject to what they do.<\/p>\n
We all have a responsibility to manage this respectfully. While most of us do, there will be a few businesses that are dismissive of their obligations.\u00a0 That could be very expensive!\u00a0Under GDPR, in the EU, business can’t afford to be dismissive.\u00a0 The penalties are horrendous : up to $20,000,000 euros or 4% of global turnover.<\/p>\n
[header2 text=”So, what do you do?” align=”left” color=”#336A40″ margintop=””]<\/span><\/p>\n 1. Audit<\/strong> – Check : do you what personal information do you hold, and why?\u00a0 This can range anywhere from names and addresses to financial and medical records. If you hold information you don’t need, then stop keeping it!<\/p>\n 2. Permission<\/strong> – do you have permission to hold it?\u00a0 If you need to hold data to undertake a service for the client, make sure you have their permission and make sure you only use it for the stated purpose. \u00a0 The individual has the right to ask to see the data you hold about them and to correct it.<\/p>\n 3. Right to be forgotten<\/strong> – this is difficult.\u00a0 It reflects the idea that once you no longer need someone’s data, as the purpose that you gathered it for no longer requires it, then the person can ask you to ‘forget’ them.\u00a0 Essentially, they revoke their consent for you to hold their information. \u00a0 You are obliged to erase this as soon as possible!\u00a0 If you need their data for your own compliance – tax records being a good example – then you can anonymise it.\u00a0 In theory this extends to deleting their data from your backups as well, but we know of no practical means to do this.<\/p>\n 4. In the event of a breach<\/strong> – you have to notify the authorities and affected parties ‘without delay’.\u00a0 Unfortunately, despite our combined best efforts, this is probably more a question of when not if. To help make that less likely Kinetics is currently introducing a new enhanced security service.<\/p>\n This is intended to be an ongoing compliance obligation – like ISO9000 was and health and safety is.\u00a0 In fact that’s a great comparison. Just as we need to keep people physically safe, we also need to keep their data safe – these are intertwined ideas.<\/p>\n By and large, this seems sensible and much of it has been law in NZ since the Privacy Act 1993. \u00a0 There is a bill currently before parliament that updates this. It proposes adding mandatory data breach notifications and strengthening the power of the Privacy Commissioner.\u00a0 The objectives and principles seem sensible, and it is a handy reminder of our collective responsibility.<\/p>\n [header2 text=”How can we help you comply?” align=”left” color=”#336A40″ margintop=””]<\/p>\n The [wow_colorme]Kinetics “FlightPlan” toolkit<\/a>[\/wow_colorme]<\/a> has been updated to add a data privacy section that works through these items with you.\u00a0 Call your account manager or get in contact<\/a> to make an appointment<\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" I don’t know about you, but every day I open emails and articles about data security and our obligations in business. \u00a0 It’s feeling a little overwhelming, but on closer inspection, most of the conversation is pretty sensible. The headlines have been\u00a0 the data breach legislation in Australia and the GDPR in the European Union.\u00a0 […]<\/p>\n","protected":false},"author":5,"featured_media":2689,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4],"tags":[],"class_list":["post-2682","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/2682","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2682"}],"version-history":[{"count":0,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/2682\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/"}],"wp:attachment":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2682"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2682"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2682"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}