An Auckland-based business insights and analytics firm has launched a data privacy toolkit that it says could help businesses protect personally identifiable customer and employee data.
As the New Zealand Privacy Act is currently under review, Data Insight says that traditionally the focus of breaches has been on customer data, but not employee data.
With Europe’s GDPR and other regulations throwing the spotlight on data privacy, businesses need to reconsider what data privacy is – or they could end up in hot water.
“A common misconception is privacy only relates to customers when in reality, the law governs any and all data relating to individuals, and often this is sensitive information held about employees,” says Data Insights general manager Claire Bonham-Holden.
“An issue has grown as the drive for productivity and increasing speed of work means we are all using platforms where sharing and collaboration is part of the process - it’s great for workflow but there’s a downside.”
While template documents are often used in situations when general information is the same and facts change, it’s actually a dangerous way of keeping track of changes.
Sometimes information can include salary, health, financial or disciplinary actions. Bonham-Holden says revisions can be searched.
“This is increasingly common, partly because management is focused on the need for speed and productivity, there’s a lack of understanding about the dangers of compromising personal privacy.”
It’s important that businesses ensure that all employees are acting appropriately, she says.
Data Insights explains that every year hundreds of data breaches are reported to the New Zealand Privacy Commission, including when personal electronic information had been sent to the wrong recipient.
These can have significant financial implications as well as damaging reputation with customers. Any compromise of employee personal information can also impact an organisation’s culture and degree of trust in management.
Data Insights’ toolkit is designed to help businesses understand the risk and potential for damage.
“It starts with a review of the data held, where it is stored, how it’s used and shared, after which a security score is provided along with suggestions about improvements,” says Bonham-Holden.
“It’s a practical data housekeeping process to help companies avoid getting burned. The result is a Risk Register that keeps track of all data and ensures appropriate policy and procedures are in place,” she concludes.