Understanding Your Risks and Putting in Place Mitigation Strategies

Most businesses regularly undertake risk assessments and mitigation audits. Including privacy on the next agenda shouldn't be hard! We've summarised some key discussions that can occur in your business:

  • What to do if personal or sensitive information is misused, interfered with or lost,
  • Steps to take if any unauthorised personnel access that data (whether they are internal or external to the business),
  • How to modify someone's information, and
  • What to do if you need to disclose someone's information.
A formal risk assessment process that focuses on identifying privacy risks at each stage of a business' life-cycle should consider the collection of the data, its use and disclosure, the storage of the data and finally its destruction and/or de-identification process.  
Once the business has completed the risk strategy, it must turn its mind to the best way to mitigate the risks. Options include:
  • A robust discussion about how the personal and sensitive information is protected and what protections are realistically available.
    • This may require the implementation or upgrading of IT systems.
  • Determining whether the internal access controls in place are adequate. 
    • This may lead to creating or revising audit trails.
  • Agreeing to complete a Privacy Impact Assessment when any new projects are foreshadowed, and complying with the time frames to complete the assessment.
    • Consideration of privacy risks should be part of the process for implementing any new projects, or amending the supporting process for existing work practices.  