Sometimes it takes a cataclysmic event to bring about overdue and meaningful change.
In Australia, over the past few months, a succession of high-profile breaches have brought data privacy laws to the forefront.
This has seen the government introduce legislation to tighten data privacy obligations for organisations that fall under the Privacy Act.
If passed, companies will be obliged to share information with the government, particularly in relation to data breaches.
Additionally, the financial penalty for those that experience repeated privacy breaches will be significantly raised from $2.2 million to $50 million, or three times the benefit gained through the misuse of information - whichever amount is higher.
Collectively, the proposed laws mirror the notoriously rigid General Data Protection Regulation (GDPR) laws in Europe, which regulate those that do business, send employees, have customers or handle data associated with people travelling into the EU.
So stringent are the financial penalties for failure to comply with GDPR that in 2021, Amazon admitted it was forced to pay USD $877 million because of the way it collated and shared personal data via cookies.
Indeed, compliance risk is big business across the globe. Gartner forecasts through to 2023, government regulations requiring organisations to provide consumer privacy rights will cover 5 billion citizens, and more than 70 per cent of global gross domestic product (GDP).
Initially the sentiment seems geared towards protecting customers and employees against nefarious actors, intent on turning personal data into financial gain. But much of the time, people inside organisations could be committing a compliance breach without even knowing it.
Take this year's case against an HSBC employee, who was fired as part of a compliance sweep for using WhatsApp to engage with clients. Whether or not any data was compromised was irrelevant, because the application was deemed to fall outside regulatory parameters.
Compliance risks heightened as digital becomes the norm
In the current climate of stricter privacy regulation, it's important to not only educate employees about what a compliance breach looks like, but to provide them with the necessary capabilities to mitigate risk.
This is key because Australia has turned to digital more than ever before, not only to work across home and office environments, but to shop, connect and recreate.
The risks of slipping up and leaking information are now abundant.
At this year's Gartner IT Symposium, the analyst firm revealed the worrying statistic that only 25 per cent of the global workforce say they've got the technology needed to do their jobs.
When coupled with the widespread resource shortages across a range of sectors, it makes unfortunate sense employees are seeking time-saving workarounds that fall outside compliance regulations.
This has been rampant in the under-resourced healthcare industry where, to save time and commence treatment sooner, practitioners are turning to encrypted messaging apps such as WhatsApp and Signal to share diagnoses, images of injuries, scans and other private information. Those apps might be encrypted, but fall outside regulation.
Leaders have an obligation to not just expect staff to do the right thing, but provide workers with the means to share information with peers without neglecting compliance.
When they can use and collaborate on data within a secured digital environment, they can interact without the risk of inadvertently leaking sensitive information or posting it where it shouldn't be.
This should also take into account the full scope of their digital habits.
We can't expect workers to embrace outdated systems from a time when workplaces were static. We instead need to accommodate the current climate of work-life integration, where the lines between the home and office have irrevocably blurred.
For instance, you could allow staff to manage their workday in dedicated, unexposed spaces from their own personal devices, given mobile phones are among the accepted and often even preferred ways to communicate and complete jobs.
Staff should also be offered the affordances of automation and artificial intelligence, so they are supported by digital assistants that can conduct judgement-based work and monitor whether regulations are being met to reduce uncertainties.
Secure and intelligent automation can also ease the load for employees who are already taking on additional tasks due to resource shortages. This can support their wellbeing and prevent lapses in judgement that result from overwork and burnout.
The new privacy laws are a much-needed step in protecting Australian consumers and organisations against data misuse.
However, it's important to remember compliance breaches are not always intentional, and measures should be put in place to support workers and prevent these lapses, so Australia's people and businesses aren't left suffering the consequences.
- Jeremy Paton is team engagement and collaboration specialist at Avaya, based in Sydney. Avaya's customers include AGL Energy, the Department of Defence, Westpac Bank, RSPCA Queensland, Evergreen Shipping and YMCA.