Why Australian business owners need to pay attention to data privacy laws
NOBODY can dispute the fact that data is a critical asset today.
Regardless of industry, zetabytes of data are collected every day and the number is only going to increase with the arrival of 5G and the proliferation of the internet of things (IoT).
With the business insights that data can provide, there is much truth to the saying ‘data is the new currency’.
Organizations that can make sense of the deluge of data made available to them will have great leverage over their competitors.
However, managing data isn’t as simple as just collecting, storing, and analyzing. Organizations that collect data, especially personal data, have the responsibility of ensuring privacy.
The nature of personal data is sensitive. Therefore, there are laws put in place to safeguard personal data, and these must be adhered to, regardless of how the data is collected.
APAC countries are starting to take personal data breaches seriously — with Australia bumping up the fines and penalties for failure to protect data earlier this year.
Tech Wire Asia recently spoke to DLA Piper Partner Nicholas Boyle (in Sydney) about the legal obligations of business owners looking to store, process, and analyze data via cloud-based services including SaaS-based applications.
He noted that Australian accountability principles safeguard the privacy of personal data and maintain that organizations within Australia processing personal information remain accountable over the acts of overseas recipients, including CSPs.
Should there be a need to disclose data to recipients outside Australia, the transferring organization must take all the reasonable measures to ensure that the overseas destination has comparable data protection laws.
When asked what advice he would give to SMEs looking to engage CSPs, Boyle recommended that SMEs look to larger, more established providers that would already have a robust security system in place.
He also emphasized the importance of good planning when coming up with a data protection policy.
“SME owners would need to take cognizance of various facets of the data they collect such as the nature of the data, how the data is going to be used, and how long it is going to be held.”
All these are very relevant when it comes to assessing the risk exposure of an organization. Mapping the data right at the start can help organizations manage and mitigate risks that could potentially flow from engaging a CSP.
To stay relevant, SMEs need to pursue the digital transformation agenda — aggressively. Engaging with cloud service providers, given the scalability and affordability of the technology, is just the first step.
The cloud can offer business owners so much more compared to the traditional ways when it comes to managing data. The scalability, accessibility, and affordability that cloud-based services provide increases the efficiency of a business and allows resources to be used more strategically — but data privacy and protection cannot be an afterthought in this regulatory environment.
Regardless of where businesses are located, leaders and managers must ensure that they comply with laws to protect data and build and maintain the trust of customers overall.