The new landscape of data privacy
How you can keep pace with new legislation and protect your business.
Data is the new gold—or Bitcoin (depending on which economic school of thought you ascribe)—that undeniably impacts a business’s success.
This digital commodity is the antidote to uncertainty, affecting every corner of your operation. From marketing and strategic decision-making to user experience, risk mitigation, and profitability. The day-to-day operations of your enterprise, often come down to data-informed insights. Or at least they should.
“The key is the successful interpretation of data insights into usable knowledge that drives business operations.” (Miller and Clarke, 2022)
Just look at the pandemic—a living case study into the value of data. As the business world was attempting to move with daily changes in consumer behaviour, public sentiment, and employee experience (among a myriad of other things), it was data that transformed assumption into concrete knowledge.
“87% [of global executives] agree that data is the most important competitive differentiator in the business landscape today.” (The Economist, 2022)
The risk of rapid digital transformation
The value of data is undebatable amongst business leaders, with many increasing their capture and investing in a digital-focused future. But there is a risk to holding so much gold.
“IT market research firm IDC estimates the amount of data stored in 2020 at 59 zettabytes (that’s 59 followed by 21 zeros). It predicts that the next three years of data creation will exceed that of the previous 30 years combined.” (The Economist, 2022)
Some of the most intelligent data capture companies—businesses that rely on personal data for the quality of their CX and customer service, like Medibank—have been the targets of cyber attacks. This compromised security is felt across the whole business, from the micro to the macro; customer fears and dissolved trust, to increased national security risk.
Data breaches that became the catalyst for new laws
The Medibank cyber attack is not an isolated incident. In just the first half of 2022, The Office of the Australian Information Commissioner (OIAC) was alerted to 396 other breaches involving companies with revenue of more than $3 million. (Redrup, 2022).
Exponentially growing threats led to a change in national legislation as well as a global response, with Australia taking a leading role as chair for the International Counter Ransomware Task Force (ICRTF).
“On home soil, taking a proactive stance, she [Minister for Home Affairs and Cyber Security, Clare O’Neil] has been clear that policy mechanisms can only go so far—that the time really has come for organisations to step up and take responsibility for their cybersecurity.” (Pietro, 2022)
While you may not consider your data (from a scale and sensitivity level) within the same playing field as Medibank, your business is likely still accountable to the same legislation. So, what do you need to know?
The legislation changes that are live now
The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 (the Bill) was passed by both houses on 28 November 2022 and is now law.
The Bill is a series of amendments to the Australian Information Commissioner Act 2010, the Australian Communications and Media Authority Act 2005, and the Privacy Act of 1998. And the changes are significant—most notably, increasing penalties for serious or repeated interference with privacy. And the responsibility sits within the business itself. (Smith, 2022).
Data security needs to take the highest priority
If you hold customer data, you need to take ownership of data security at the highest level—this is not something you can push to other departments or outsourced companies. Here are some ways to ensure your data security is keeping pace:
- Cyber hygiene—aligning with new ways of work:
Protecting your company’s data should flow through every level of the business. Even the smallest acts of cyber hygiene help strengthen the security of your data—and every employee needs to be involved. Cyber hygiene involves the simplest processes, like creating end-to-end encryption, implementing data backups, and regularly changing passwords. (Boyd, 2023).
- Testing and drills—resilience is key:
Especially if you’re not an expert in data security, it’s essential to bring in a third party to test your company’s systems—they can find gaps you would never notice. Also, if you don’t run response drills to see if your security plans work, you’ll only find out in the event of an actual data security breach. (Boyd, 2023). In the famous words of… well, everyone, defence is the best offense.
- Trusted partnerships—data security enables a business to innovate and do more:
The responsibility for data privacy remains inhouse; however, having a trusted partner in CX and call centre outsourcing can provide you with the best tools to keep your customers’ data safe. A company that holds data security as the highest priority can make all the difference.
- The Essential Eight Maturity Model—protecting your data:
If you are looking for more tangible steps to assess and improve your data security, the Australian Cyber Security Centre (ACSC) has developed a framework to follow, The Essential Eight Maturity Model. There are eight mitigation strategies to implement—from utilising patch applications to multi-factor authentication and network segmentation.
The changes to legislation have landed hard and fast. With little time to upgrade business-wide data security protocols, many businesses are open to the double risk of cyber crime and legal penalties. As with all things tech, the time to act is yesterday.
TSA are Australia’s market leading specialists in CX Consultancy and Contact Centre Services. We are passionate about revolutionising the way brands connect with Australians. How? By combining our local expertise with the most sophisticated customer experience technology on earth, and delivering with an expert team of customer service consultants who know exactly how to help brands care for their customers.