Our personal information is a core piece of our identity which must be protected: it reveals who we are, what we do and our beliefs.
As individuals, we have a right to privacy and a choice to trust organisations with our personal information. When we see privacy practices and care demonstrated with the protection of our personal information, we are more likely to trust organisations with our information and gain confidence in the services they provide to us. Trust is a pillar of the digital economy and a key requirement for a sustainable society.
For individuals to maintain their privacy, the Office of the Australian Information Commissioner (OAIC) provides several tips including:
- Value your personal information and protect it
- Secure your online accounts using measures such as strong passphrases and multi-factor authentication
- Protect your devices by keeping them updated and performing regular data backups so that important personal information is not lost
- Review and update your privacy settings
- If your privacy is impacted, take steps to reduce your risk of harm
Not-for-profits provide services to, and assist, people who are sometimes the most vulnerable members of our society and, as such, have a profound duty of care to protect those people's information. The OAIC has some great tips for organisations to assist in building and maintaining the community’s trust in how their personal information is handled.
The key points from these tips are for not-for-profits to:
- Know their privacy obligations under the Privacy Act. Even if your organisation is not subject to the Privacy Act, adopt privacy principles as part of good governance practices.
- Review their privacy practices and processes to make sure they comply with legal requirements and remain relevant to meet community expectations.
- Secure personal information to protect it from misuse, interference and loss. Security is itself a privacy principle, encompassing governance and staff training, processes and technology requirements to uphold protection.
- Prepare for data breaches by having a response plan. Organisations bound by the Privacy Act that experience a data breach that could result in serious harm to individuals must notify the OAIC and the affected individuals. This is a requirement under the Notifiable Data Breaches (NDB) scheme.
Visit the Office of the Australian Information Commissioner website for more information.