It's Privacy Week
✎ Edit Post
Posted May 10, 2021
Media Release: Office of the Privacy Commissioner
The Office of the Privacy Commissioner marks Privacy Week each year to promote privacy awareness and to inform people of their rights under the Privacy Act.
Privacy Week runs from today through to Friday 14 May. The theme for this year is “Make Privacy a Priority.
Another aim of Privacy Week is to help educate businesses, organisations and agencies of their responsibilities with personal information.
The Privacy Act 2020 introduced greater protections for individuals and some new obligations for businesses and organisations.
The changes include the requirement to report serious privacy breaches to the Privacy Commissioner and to affected people.
The Privacy Commissioner has new powers to help people access their own information and to require businesses and organisations to comply with the law.
There are increased fines for organisations that don’t comply, and there are new rules when sending personal information overseas.
The Office of the Privacy Commissioner (OPC) received a 97 percent increase in privacy breach notifications in the first four months of the new Privacy Act, compared to the previous six months.
More than half of the privacy breaches reported to OPC involved emotional harm, and about one third resulted in a risk of identity theft or financial harm.
Failure to report a serious privacy breach is a criminal offence which may result in a fine of up to $10,000.
Privacy Commissioner John Edwards says in the first six months of Privacy Act 2020, OPC has been focusing on educating organisations and businesses to help them understand their obligations.
“The law change means that if an organisation suffers a serious privacy breach, it should tell my Office as soon as practicable after becoming aware of the breach.
We’ve found that breaches can occur in any industry with reports from organisations in the financial and insurance services, the public sector, education and training, retail and accommodation, and even mining.
The most common category of privacy breaches were email errors (25 percent), with emails containing sensitive information going to the wrong person. Other common types of breaches were the unauthorised sharing of personal information (21 percent) and unauthorised access to information (17 percent).
Prevention is better
Organisations can easily prevent email errors with the right training and procedures. Organisations should:
• Take extra care when including personal information in emails
• Double check attachments
• Implement a send delay
• Use Bcc when sending emails to multiple recipients.
Mr Edwards says organisations and businesses should use Privacy Week to raise privacy awareness in their workplaces. It is also a good opportunity to help their staff become familiar with their Privacy Act obligations and to ensure their workplace has a privacy breach plan in place.