Make Privacy a Priority

Privacy and Security
Written By Noni McDonald

This week from 3rd May is the OAIC’s Privacy Awareness Week for 2021.

To show our support we are running free privacy awareness training tailored specifically for the real estate industry.

Make Privacy a Priority  
The theme of this year’s privacy awareness campaign - Make Privacy a Priority, emphasises that everyone in the chain needs to be on board to keep personal information safe.

By prioritising privacy, your agency is thinking ahead and conscientiously planning.

You can demonstrate that you have processes in place so that when there is a data breach you can quickly assess the impact on any individual affected, which means the risk of harm is much less – especially if you can take the steps necessary to contain the breach – remember, this is often time-critical.

Of course, you should aim to minimise human error data breaches in your agency – and that’s where strong privacy governance, workplace culture, and training comes in.

But everybody makes mistakes sometimes, and it is accepted that human error data breaches are inevitable.

Even so, by making privacy a priority, your business is much less likely to suffer reputationally from a human error data breach. You will be more able to demonstrate the steps you do take to protect personal information, that you are actively improving your processes, and are open to adopting the latest advice guidance from the OAIC and privacy professionals.

Particularly if a complaint is ever made against you, you will need to be able to respond without delay and take responsibility for what has occurred. If a mistake was made and you can show that you have been able to assess what happened and what you will do to avoid any future harm, the privacy regulator is much less likely to come down harshly on you.

Notification & Consent
Consumers are rightly wary of giving out their personal information. For them to have confidence in the giving this out, it is important for them to understand why the information is being collected, how it is being stored and who will be able to access it.

Australian privacy laws emphasise that businesses should only collect personal information from consumers if is reasonably necessary for their work or business functions/operations.

So when you collect information, you should consider – do you really need each data point? Are you going to use it in order to provide the client/consumer with the services you are offering them, in a way they would reasonably expect ? Or is it just nice to have all the data points because you think you might be able to use them for another purpose later on?

If some of the data you want to collect is not necessary for that reason, then you must tell the consumer what other ways in which you use the data and for what purpose. This transparency is so important for consumer confidence in your agency. It also means that you can legitimately gain their consent to use the data you collect for some of those other reasons

Security checkup – timely reminders

  • Regularly check your privacy and security settings on your devices - including your browser settings and social media accounts, if your profile contains personal information.

  • Use MFA for your critical apps – privacy experts recommend string security for email accounts– think about how easily you could be impersonated if your email account was compromised!

  • Use strong passphrases to protect accounts & devices – several words strung together is so much harder to crack. By using a secure password manager you can also easily store strong unique passwords for each account, so you are not tempted to use the same password across multiple accounts!

  • Set up auto-sleep or lock functions for times when you are AFK.

Top Agency Tips

  • This year staff training is the OAIC’s #1 tip for businesses to ensure they protect the personal information they collect. Do you have privacy goals and targets within your agency? How do you keep track of who in your organisation is ‘getting it’? Having all your staff attend privacy training should form a critical part of these targets.

  • When was the last time you had your privacy policy reviewed? Do you know what’s in it? This will be a super important step for you and your agency if you have a generic or outdated privacy policy.  Privacy experts recommend using plain English to summarise key points – even better, you can also incorporate visual aspects into the design of your privacy policy. Ideally, your policy should be targeted towards your audience and client base. You will lose business if you don’t have a privacy policy that consumers can understand and trust. 

  • Strong leadership on privacy governance means continually developing efficient processes, such as a privacy management or data breach response plan. Also, as part of your risk management process, consider a privacy impact assessment for new projects within your agency.

What’s next?
Sort out your agency’s privacy matters with the real estate agency law experts - book your free 10 min chat with our team to get started.

Boring legal stuff: This article is general information only and cannot be regarded as legal, financial or accounting advice as it does not take into account your personal circumstances. For tailored advice, please contact us. PS - congratulations if you have read this far, you must love legal disclaimers or are a sucker for punishment.

Noni McDonald
Previous

Did you know the super guarantee rate is increasing from 1 July 2021? Don’t get caught out!
Next

Are you aware of the changes to casual staff laws? Don’t get caught out!