Risk Management

Privacy Please!

If you run a business, you need to know – Privacy Is A Priority For The Australian Community.

The Office of the Australian Information Commissioner (OAIC) released the results of the 2013 Community Attitudes to Privacy survey on 9 October 2013. They show that Australians are becoming more concerned about privacy risks and that they expect the organisations they deal with to take effective steps to safeguard their personal information.

48% of Australians believe that online services, including social media, now pose the greatest privacy risk. Only 9% of those surveyed considered social media websites to be trustworthy in protecting privacy.

Australian Information Commissioner, Professor John McMillan, said the survey results confirm the growing community concern about privacy risks arising from the explosion in use of social media since this survey was last run in 2007.

‘In the last 5 years we have seen a significant change in how people communicate and interact online. People’s attitude to the importance of personal privacy protection is changing at the same time,’ said Professor McMillan.

The three most trustworthy industries, in relation to privacy, were health service providers, trusted by 90% of participants; financial institutions, trusted by 74% (up from 58% in 2007); and Government, trusted by 69%.

Of great importance in the results is that the public expects data security protection to be similar in both the public and private sectors. 96% of those surveyed expect to be informed if their information is lost (for both government and the private sector), and around 95% also feel they should be made aware of how their information is handled on a day-to-day basis.

Privacy Commissioner Timothy Pilgrim said it was clear that the Australian public continues to insist that their personal information is handled with the highest possible standards.

“There is a business imperative for organisations to be transparent about their personal information handling practices and to ensure that privacy is built in to systems and processes right from the beginning,” Mr Pilgrim said.

Mr Pilgrim went on to say that “Just over 60% of Australians have decided to not deal with an organisation because of privacy concerns, which is an increase from just over 40% in 2007.”

“These results send a very clear message that people remain concerned about how their information will be handled. With a significant number of people saying that they have decided not to deal with an organisation due to privacy concerns, I suggest that business needs to listen to this and consider improving their practices,” Mr Pilgrim said.

The survey showed that Australians are increasingly concerned about the international sharing of personal information; 79% of people feel that cross-border disclosure is a misuse of personal information, and 90% have concerns about the practice.

‘This is an interesting finding given the increasing frequency with which data is being sent off-shore. New privacy laws commencing next March will increase protection around the handling of Australian information that is transferred off-shore, and it will be interesting to see how attitudes change as a result of this,’ Mr Pilgrim said.

Are you Prepared to take the Risk?

David Balwin
CPA | Accountant | Business Advisor

“A good risk management plan with appropriate risk management strategies can minimise costly and stressful problems, and may also reduce insurance claims and premiums” (The Western Australian Small Business Development Corporation: BIZGuide-Insurance-Risk Management Plan – www.smallbusiness.wa.gov.au).

The Western Australian Small Business Development Corporation discusses five steps to developing a risk management plan:

  1. Define the Risk Context – what are the circumstances in which the risk will occur
  2. Risk Identification – identify the risks that are likely to impact upon your business
  3. Risk Assessment – looks at the likelihood of the event occurring and what the consequences are if it does
  4. Risk Strategies – how do we manage/eliminate the risk
  5. Monitoring and Review – as risks change over time, businesses need to continue to monitor and assess risk on an ongoing basis.

So, what are we talking about when we refer to risks that can confront a business? Here is a list of the main types of risk, but obviously it will vary between types of business.

  • Commercial
  • Legal
  • Financial
  • Health and Safety
  • Environmental
  • Reputation
  • Strategic
  • Operational
  • Service Delivery
  • Security
  • Equipment
  • Technology

OK, so businesses have risks they have to manage, but how do we go about it? By quickly developing a risk matrix that matches the business’s profile.

Start with the first column listing the risks down one side.  Next, post against each risk the likelihood of the event occurring and the significance of its consequences.

Describe the risk

  • What can happen?
  • How can it happen?
  • When can it happen?

Rate the likelihood

  • Very Likely
  • Likely
  • Unlikely
  • Very unlikely

Significance of consequence

  • Major
  • Serious
  • Minor
  • Insignificant

Resulting level of risk

  • Low
  • Medium
  • High
  • Major

Describe how adequate current controls are

  • Over adequate
  • Adequate
  • Inadequate
  • Non-existent

Give it a risk priority

  1. Urgent Treatment required
  2. Treatment required
  3. Controls adequate (no new action)

The next step is then to determine what steps the business needs to take to mitigate the risk (i.e. reduce the consequences when the risk actually occurs). Examples of mitigating risks would include taking out insurance to cover certain risks, arranging a bank overdraft in advance to meet cash flow shortages, backing up important data regularly and keeping copies offsite, providing ongoing training in service delivery, or simply having a strategy in place that would protect vital equipment from flood or power failure. The goal is to pro-actively manage the risk so that when events occur they are not unexpected, but have already been thought of, with a plan to deal with them developed and in place.

Even in the worst-case scenario where the outcome is catastrophic, if you have thought of it and have already made a decision as to what you would do in the circumstances, then the stress associated with such an event may well be manageable, or at least lessened by the fact you have already been through the thought process of how you would deal with the outcome.

Clearly, risks change over time and need to be continually reviewed to ensure that your strategy does not become outdated. An example of this could be the change in technology which is seeing more and more businesses move to cloud-based systems, where data is stored outside the organisation’s system and the business is relying on the integrity of someone else’s system.

If you follow the basic steps outlined in this blog you are on the way to ensuring that no nasty surprises will be sprung on your business.

If you have any questions or are not confident developing processes yourself, talk to us at Balanix Solutions – we can help develop an appropriate strategy for your business.