Overview
Data minimisation, reducing privacy risks and minimising the likelihood of data privacy breaches are critically important, given the growing cost of dealing with data breaches and the risk of regulatory investigations and legal actions, including class actions.
Sibenco Legal & Advisory provides your organisation with:
- Solutions to embed privacy into new processes, products and services to reduce future privacy compliance costs;
- Appropriate data breach incident response plans;
- An effective response to data privacy breach incidents, including notification requirements to regulators, customers and clients.
Privacy Frameworks
To ensure your organisation’s legal and regulatory privacy obligations are met and privacy breaches are minimised, Sibenco will review and/or develop a privacy framework for your organisation.
Sibenco will create a holistic privacy framework tailored to the unique needs of your organisation. We embed privacy in your organisation by:
- Developing an overall privacy framework;
- Developing processes for ‘privacy by design’ to be included at the start of new projects and processes, or for new products and services;
- Developing or updating privacy policies and procedures to comply with legal obligations and best practices.
Privacy Impact Assessments
Privacy impact assessments (PIAs) are an important tool for assessing privacy risks and developing mitigation strategies. Sibenco provides PIA services and will work with your project team to assess privacy risks and develop mitigation strategies to minimise the impact a project may have on the privacy of individuals.
Data Impact Assessments
A data impact assessment (DIA), which includes a PIA, provides a framework to manage data analytics projects including consideration of source data, data preparation, legal and other obligations, accountability, assessment of the impact of a project, and assessment of ethical and other interest factors. Sibenco will work closely with your project team to develop or review a Data Impact Assessment framework tailored to meet the strategic objectives of your organisation and aligned with your organisational values and other interest factors.
Please read more about this here: Big Data & Privacy: does your organisation need an ethical based approach?
The below pyramid illustrates how information extracted from data analytics can assist an organisation’s strategic goals:
Ethical Frameworks for Data Analytics
Where data analytics initiatives involve the processing of personal information, an ethics-based approach as part of your data impact assessment enables your organisation to build trust and transparency with your customers or users.
Sibenco assists by:
- Evaluating data analytics initiatives and preparing Data Impact Assessments;
- In respect of an ethics-based approach tailored to suit the needs and requirements of your organisation:
  - Developing an Ethical Value Statement or Policy;
  - Providing an ethics-based assessment for the Framework and/or checklists for use in data initiatives; and
  - Advising in relation to the establishment of an Ethics Committee.
Data Breach Preparation
Having measures in place to quickly address a data breach is key to containing risks. Sibenco will assist your organisation by:
- Preparing a data breach response plan, known as the ‘Incident Response Plan’.
- Training a cross-functional team, including, for example, IT, communications, privacy and legal personnel, on how to respond to a data breach.
Data Breach Incident Response
Sibenco will guide your organisation in properly complying with laws and notification requirements as part of your data breach response plan. Our services include:
- Ensuring compliance with data breach notification laws and reporting obligations to authorities;
- Assisting in overseeing third parties or processes for notification to customers, students, patients, etc., in a timely manner.
Post Data Breach & Remediation
- Your organisation will receive Sibenco’s expertise in identifying gaps in policies and processes and developing a remediation plan.
Further Resources
The Office of the Australian Information Commissioner (OAIC) has resources available on its website including:
- OAIC Notifiable Data Breaches webpage including the online OAIC Notifiable Data Breach statement — Form
- OAIC Data breach response plan
- OAIC Data breach notification – A guide to handling personal information security breaches
OAIC’s guidance for Australian businesses on the GDPR – OAIC Privacy business resource 21: Australian businesses and the EU General Data Protection Regulation
EU GDPR – www.eugdpr.org
EU Commission – Article 29 Working Party
EU Commission – Data Transfers outside the EU
UK ICO website GDPR Guidance https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/. The UK ICO has published other resources:
- Preparing for the GDPR: 12 steps to take now – https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf
- GDPR checklists – one for data controllers, and another for data processors – https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/getting-ready-for-the-gdpr/
- Lawful processing – Consent – https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/consent/