Privacy Awareness Week Day 5: Managing a Breach or Complaint
Business standpoint:
The OAIC has not yet enforced the requirement for businesses to disclose a breach; however, it does provide considerable support if you fall victim to a breach that compromises personal information. You can find further information in this Guide to handling personal information security breaches.
Reporting a breach does not preclude the OAIC from receiving complaints and conducting an investigation of the incident (whether in response to a complaint or on the Commissioner’s ‘own motion’).
Make sure that your incident response procedures identify the actions you will need to take if a breach of personal information were to occur. Consider:
- Who should you contact? When? How?
- What information will you need to disclose?
- What immediate actions can you take to minimise the impact of the breach?
- Your communications strategy: will you need to contact those affected by the breach? When will you do this? How will you do this?
- How will you manage complaints from affected individuals?
Who else can help?
- AUSCERT www.auscert.org.au
- CERT Australia www.cert.gov.au
- Specialist Consultants (such as CQR!)
How do I know I can trust a consultancy such as CQR?
- CREST Australia assesses and certifies companies and staff for their proven technical ability.
- Look for companies that are ISO/IEC 27001 certified; this ensures the company is compliant with security standards.
- You can check companies for their certifications through JAS-ANZ.
Personal standpoint:
If you are not happy with the manner in which your personal information is being handled by an organisation, you have some rights that ensure the organisation reviews your concerns or complaint.
Write a formal letter directly to the organisation detailing your concerns, and it will be obliged to manage them in a timely manner.
If you do not get a satisfactory result, the OAIC is there to help you. It is free to lodge a complaint with the OAIC. You do not need to be represented by a lawyer to make a complaint about your privacy. However, if you do decide to hire a lawyer, you must pay for the lawyer yourself.
The website contains more information about your rights as an individual at: www.oaic.gov.au/privacy/making-a-privacy-complaint
Other posts from Privacy Awareness Week
Privacy Awareness Week, Day 1: What is privacy and changes to the Act
Privacy Awareness Week Day 2: Protect your privacy online
Privacy Awareness Week Day 3: What you can do to protect your privacy when using mobile phones
Privacy Awareness Week Day 4: Business Obligations: What should I be doing to protect personal information?
Yvonne Sears
Senior Security Specialist
@yvonnesearsCQR
www.cqr.com
*** This is a Security Bloggers Network syndicated blog from CQR authored by CQR. Read the original post at: http://cqraustralia.blogspot.com/2014/05/privacy-awareness-week-day-5-managing.html

