Privacy Awareness Week blog series: Making privacy a habit
Getting into good privacy protection habits isn’t hard, but can save you and your organisation a lot of hardship. It only takes minor actions, practised regularly, to protect you and your clients. Like putting on your seatbelt when you get into a car, these actions – once they are habitual – become something you don’t really need to think much about. However, they can make a big difference in terms of reducing risks.
Simple privacy-protection habits for you (and your staff)
Think, “Do I really need to collect this information?”
You should only collect personal information when this is necessary to carry out your job. We call this the “primary purpose” of collecting personal information. For instance, if you are a caseworker, you will need to collect, store and use information in order to provide case management or counselling services. Accordingly, you should not collect information that is not required for these purposes. In some cases, you may not need to collect identifying information at all to carry out the task. Always consider – could the individual remain anonymous?
Clean desk, secure devices
It’s very quick and easy to lock your devices. For most computers, pushing the “control”, “alt” and “delete” keys at the same time will bring up a menu allowing you to lock your PC, and setting up a passcode on your mobile and other devices in order to lock them is simple, too (hint: you do this via your device’s security settings. If you’re not sure how to access these, ask that IT boffin you know). You should always lock your devices before walking away from them. Locked devices are secure devices! The same is true of desk drawers and filing cabinets (not the virtual kind, the ones in the real world). These should be kept locked, and papers with personal information on them should be kept in these locked desk drawers and filing cabinets, not on your desk or other unsecured locations.
Always check – right person, right address
These days, our phones and email make sending and receiving messages a quick and easy task. Unfortunately, with functions such as address and recipient autofill, they can make privacy breaches a simple and easy task, too. Because of this, it is important to always check and double-check that the recipients and address(es) of emails, texts and other messages are correct before sending. Take a couple of extra seconds and make sure. It’s easy, and well worth it.
Good privacy protection habits are simple, and almost effortless. Make them part of your everyday, starting today!
And remember, if things do go wrong, OVIC is here to help your organisation manage the situation. If your organisation has had a privacy breach, you can contact OVIC for guidance on breach management. We can also assist your organisation with general guidance on the Information Privacy Principles and with the planning for projects that will potentially have privacy impacts.