Understanding Your Risks and Putting in Place Mitigation Strategies
Most businesses regularly undertake risk assessments and a mitigation audits. Including privacy into the next agenda shouldn't be hard! We've summarised some key discussions that can occur in your business:
- What to do if personal or sensitive information is misused, interfered with or lost,
- Steps to take if any unathorised personnel access that data (whether they are internal or external to the business),
- How to modify someone's information and
- What to do if you need to disclose someone's information.
- A robust discussion about the personal and sensitive information is protected and what protections are realistically available.
- This may require the implementation or upgrading of IT systems.
- Determining whether the internal access controls in place are adequate.
- This may lead to creating or revising audit trails.
- Agree to complete a Privacy Impact Assessment when any new projects are foreshadowed and comply with the time frames to complete the assessment.
- Consideration of privacy risks should be part of the process for implementing any new projects, or amending the supporting process for existing work practices.