We know that providing your clients with a great customer experience is one of your priorities, and we’d bet our bottom dollar that you go the extra mile to build up ongoing and loyal relationships.
After all, it almost goes without saying that it’s easier and more rewarding to retain existing customers than gain new ones, right?
When bad things happen to good people
It’s terrifying to think that a data breach that’s completely beyond your control can threaten to undo all the amazing work you’ve done over the years.
Given everything that’s happened in the last year, we should know! As you may know, we went through a third-party data breach in 2024. It was only the 1600 hours of incident response dedicated to managing the potential fallout, along with our commitment to open and transparent communications with our customers, that saved the day for us. But it was hard work, and we remain grateful to all those loyal customers who recognised that bad things can and do happen to even the best of companies – and appreciated our proactive response to resolving any and all issues.
Others haven’t been so lucky – or hardworking.
What a data breach can cost you
According to Centrify, 65% of data breach victims report a loss of trust in a company or organisation following a breach. In its article “Mind The Trust Gap”, Forbes reports (via IDC) that 80% of consumers in developed countries will abandon a business if their PII (personally identifiable information) is compromised in a breach.
Can you imagine having 80% of your customer base wiped out? And the struggle to regain their business and trust? Not to mention the worry about how your customers’ data could be used by criminals.
All of this leads us, in a timely manner, to the upcoming Data Privacy Day on 28 January 2025 – and why it’s so important for you – and your customers.
The what and why of Data Privacy Day
Data Privacy Day (also known as Data Protection Day) is an annual, international event held on 28 January every year. It’s been running since 2007. Data Privacy Day aims to raise awareness and promote best practices for privacy and data protection, so it’s a good thing for everyone but the bad guys!
However, data privacy takes more than a day to achieve – and it requires 24/7/365 vigilance once in place. Sadly, cybercriminals never sleep, so you can’t let your guard down for even a moment. And as AI (artificial intelligence) becomes part of our everyday lives, it will become even more challenging to get all your cybersecurity ducks in a row.
It’s important to remember that the baddies and goodies (technical terms) have exactly the same access to the formidable power of AI. Luckily, the Australian Government has done the hard yards on the ‘what-not-to-do’s’ of using Generative AI (GenAI) products and developed sensible guidance for using it safely in your business. Check out their five top takeaways here.
The 13 commandments of your client’s rights to privacy?
Here’s a quick refresher on the Australian Privacy Principles as they apply to your customer’s personal information – and you as the guardian of that data! (Please note these are paraphrased – find a detailed list here!)
In short, thou shalt:
1. Treat client data like gold – safe from misuse, interference, loss, and unauthorised access, modification or disclosure. And be mindful of your obligations to destroy or de-identify personal information in certain circumstances – especially when it’s no longer needed. For example, if they’re no longer a client, bin their data safely and permanently! (Unless you’re required by law to hold on to it, for example, for legal or health records.) Note: this is technically APP 11, but we think it deserves the number 1 slot.
2. Manage personal information with openness and transparency. This includes having a plain language and up-to-date privacy policy.
3. Mind your clients’ business. Your customers are entitled to anonymity and to opt to use a pseudonym (with a few limited exceptions).
4. Abide by the rules for collecting solicited personal information, especially when it’s sensitive.
5. Stick to the rules for dealing with unsolicited personal information. (You may not have asked for it, but you still need to protect it!)
6. Be upfront with your clients as to when you’re collecting the information they share with you – and what you’re going to do with it.
7. Stick to your guns about not sharing or disclosing client data unless it meets certain circumstances.
8. Not use or disclose client data for direct marketing purposes unless it meets certain conditions.
9. Never randomly disclose your clients’ personal data outside of Australia without undertaking specific steps to protect it.
10. Only adopt, use or disclose government-related identifiers as your own identifier for a client under special circumstances.
11. Ensure the client information you collect and disclose is correct, current and complete.
12. Let clients see their own data (except in special circumstances).
13. Make damned sure that the data you collect is right or that requested corrections are made!
Why is it so important that you protect client data?
When it comes to data, it’s not just your clients and employees that you’re respecting and protecting, but your business. It’s all too easy to get caught out, and named and shamed.
Some Australian examples where personal data was breached in 2024 include:
And the list goes on and on. As for the impact on businesses – apart from losing clients and their trust?
According to Insurance Business Magazine, the financial burden of cyber incidents in Australia continues to grow. They report: “The IBM Cost of a Data Breach report for 2024 found that the average breach cost for Australian businesses has risen to $4.26 million, a 27% increase since 2020.”
So, what should Data Privacy Day prompt you to do?
No business wants to be fined or lose face because they haven’t done at least the basics. What are some actionable steps you can take to protect your rep?
1. Brush up your privacy policy. Does it meet Australia’s legal requirements and your own compliance guidelines? Verify that your customers can easily understand what data is being collected and why, and let them know their rights.
2. Take a hard look at your collected and retained data. Are you collecting and storing unnecessary, unwanted, or old information? If so, update your collection processes and implement a method to flag and expunge expired data.
3. Make sure you know what you’ve got and where it lives. Ensure you can track and manage the data you’ve collected and stored at each point in the process.
4. Consider appointing a Data Officer. Yep, make someone responsible for your company’s legal compliance with privacy and related issues and laws. This includes legal developments, news, and trends related to your company’s and industry’s specific data privacy needs.
5. Think ahead. It’s better to be proactive about your data, so consider what you will need when you update your technology environment. It could be easier and cheaper than trying to shut the stable doors after the data has bolted.
6. Get the basics right (but don’t stop there). Think employee training, multifactor authentication, device security, password protection, encryption, enforced privacy policies, software updates, and backups for starters.
7. Cover your butt. Bad things happen to good companies, even those who are doing everything right. Make sure that you have cyber insurance to help weather the storm of grief and regrets caused by a data breach – it is no longer a consideration but a necessity.
8. Ask for help. If you can’t manage it yourself, then ask the experts!
Data Privacy Day is a great reminder to do things right. While sharing is a wonderful thing, oversharing personal data (through a cyber breach) can be an unmitigated disaster for you, your employees, and your clients.