Privacy Awareness Week – Back to Basics

In 2023, PAW will be celebrated from May 1 to May 7

Privacy Awareness Week (PAW) is an annual event that takes place in Australia to raise awareness about the importance of protecting personal information. It is a significant event that highlights the role of businesses, governments, and individuals in safeguarding sensitive information.

In 2023, PAW will be celebrated from May 1 to May 7, and it comes at a critical time when data breaches have become a prevalent issue globally. Data breaches occur when hackers gain unauthorised access to personal or sensitive information. This breach of privacy can have significant consequences for individuals and businesses alike, including identity theft, financial loss, and reputational damage.

Back to Basics

The theme for Privacy Awareness Week 2023 in Australia is “Back to Basics” and it will focus on educating individuals, businesses and government agencies on how to safeguard personal information in the digital age. With the pandemic forcing many businesses to operate online, it has become more critical than ever to understand how to protect personal data.

Recent data breaches in Australia have highlighted the importance of privacy protection and the need for staff training. Media coverage of the Optus, Medibank Private and recently Latitude Finance breaches have brought into question the need to review the data retention requirements of businesses like these.

Other organisations holding significant personal data also need to be vigilant. Schools in particular can be a target and a rich source of data for ransomware attacks.

Newcastle Grammar School’s IT systems were “so badly damaged” in a ransomware attack late last year that forensics investigators could not establish how or where the attack began.[1]

In April this year hackers released 16,000 Tasmanian education department documents on the dark web including schoolchildren’s personal information. Similarly, in 2019, the Australian National University (ANU) suffered a massive data breach that exposed the personal information of approximately 200,000 individuals, including students and staff. The breach was attributed to a state-sponsored hacking group, which gained access to the university’s IT systems. The recent war in Ukraine has seen a spike in state-sponsored cyber-attacks.[2]

These data breaches demonstrate that even large organisations with sophisticated security systems can be vulnerable to attacks. This vulnerability highlights the importance of staff training to ensure that employees are aware of the risks of data breaches and understand how to protect personal information.

Staff Training is Key

The majority of data breaches are caused by human error

To prevent data breaches, organisations must ensure that their staff members are trained to handle personal information securely. The majority of data breaches are caused by human error, such as sending sensitive information to the wrong person or failing to properly secure data.

Organisations can prevent these breaches by investing in staff training on data privacy and protection. This training should cover topics such as password security, data classification, and secure communication practices. By training staff, businesses can reduce the risk of data breaches and protect their customers’ personal information.

Staff training is a critical component of any privacy protection strategy. Training should include the following:

  • Understanding the importance of privacy protection and the consequences of data breaches.
  • Identifying potential risks and vulnerabilities that can lead to data breaches, such as phishing scams, weak passwords, and unsecured devices.
  • Implementing security protocols, such as password protection, two-factor authentication, and encryption.
  • Reporting and responding to data breaches in a timely and appropriate manner.

Increased Penalties

The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 increases the maximum penalties for serious or repeated privacy breaches from the current $2.22 million penalty to whichever is the greater of:

  • $50 million;
  • three times the value of any benefit obtained through the misuse of information; or
  • 30 per cent of a company’s adjusted turnover in the relevant period.

These increased penalties show that the Australian government is taking privacy breaches seriously and is committed to protecting personal information.

Privacy Awareness Week 2023 is an essential event that highlights the importance of privacy protection and the need for staff training. Recent data breaches in Australia demonstrate the vulnerability of even large, sophisticated organisations, emphasising the importance of staff training in protecting personal information. By providing staff with the necessary training, businesses can reduce the risk of data breaches, protect personal information, and comply with legal requirements.

GRC Solutions Resources

GRC Solutions offer a suite of courses catering to the needs of organisations both across Australia and internationally. We are the experts in online compliance training, and offer:

  • Off-the-shelf courses built with foundations of expansive industry knowledge;
  • Custom-built training to suit the specific needs of your organisation;
  • The award-winning Salt Compliance LMS, with the new and intuitive Salt Adaptive application and;
  • Consultancy services to better understand your business specific requirements.

Click here to view our suite of Privacy and Data Protection courses, including Cybersecurity– Australia, Privacy Training for Financial Services – Australia, and Privacy for Schools.