
Five key actions for digital compliance

There is so much more to your data security than you would like to admit, but it pays to be aware and act before you have to.

On 30 July 2018 Michael Perkins, Guy Thornycroft and James D Ford discussed varying aspects of Australian law in the digital space.

From this discussion, My Business has compiled key actions for businesses to take when dealing with digital assets and database security.

1. You must do something about data security and privacy

In the webinar, James mentioned, “Around 60% of small businesses fail in 6-12 months after a data security breach.” This means businesses must incorporate preventative action in their data security policy.

Consider how the following questions affect the operations, management and ownership interests of your business:

a)    What are the short-lived and enduring aspects of the interactions that comprise your business’ digital life?

b)    How is second- and third-party data that is collected to be protected and managed satisfactorily?

c)    What enduring elements of the business are produced by investment in the business?

d)    Is digital currency used or produced in the operation of the business?

Irrespective of your turnover, your business needs to consider the security of your digital assets.

ACTION: answer the questions above and educate yourself.

2. List the devices in your business

Digital assets not only refer to social media accounts, storage accounts and cryptocurrency, but can also be our creations of entertainment, training, market research and business process engineering.

ACTION: make sure you are fully aware of all the devices used to access and modify data in your organisation to ensure the assets are secure.

3. Make sure data security policy is embedded in your organisation

Leadership on your data security standards starts at the top. Make sure you do not leave your data policy to just the ‘young and technically perceptive people’.

Everyone in your business needs to get on board with the policies in place to secure your business’s digital assets. The weakest link is usually the human element of your business.

ACTION: Consider a group meeting to discuss company data security requirements, with practical application in each person’s role. Discuss examples of data breaches in the past with ways to help protect yourself.

4. Client expectations of data security may exceed your legal responsibility

The legal standard is not enough to protect your reputation. Reputation is driven by the perceptions of your customers and broader market interests, not your opinion of yourself.

For instance, cookies are not governed by the Privacy Act in Australia, but you always see banners on websites advising that the website collects cookies because it is best practice. The expectation of a user on a website is that they will be told if cookies will be collected, as data is very much like a digital fingerprint, and therefore personal.

Therefore, the Australian law for data security standards is playing catch-up in this case. But don’t let your business play catch-up as well.

Take a look at the European General Data Protection Regulation to see how other governments are dealing with this issue. 

ACTION: Look at ways to make your privacy policy or terms and conditions more readable for the end-user. Data breaches in your business affect the trust of your consumer.  

5. Ask for help with your data security policy

It is essential that businesses move with the times, as getting it wrong can lead to criminal liability. Make sure you ask for help with any terms you are not familiar with or any actions that require consultation.

ACTION: Get professional advice.


Glossary

While trying to understand new terms and acronyms, you can sometimes feel buried in legislative red tape. Please find a list below of acronyms and their meanings:

EULAs: End User Licence Agreement

TOUs: Terms of Use

T&Cs: Terms and Conditions

TOSs: Terms of Service

The list below outlines a range of different laws that might be involved. These laws have varying uses with notes explaining what they may include for the digital space or how they might be amended in the future.

Interpretations Act 1987 (NSW): Now includes digitally stored info

Contract Law: Service agreement enforceable under law to impede a family member’s access

Private International Law: Restricts access

Criminal Law: Prohibits the “unauthorised access” to restricted info and data

Privacy Law: Does not protect the personal info and not extended to include info of deceased persons

Property Law: The term ‘digital assets’ does not match what the law defines as property in Commonwealth and State law

Copyright Law: Service agreements often restrict the IP rights of users, which can affect entitlements of successors.

Succession Law: Whether a person owns digital assets as their ‘property’ depends on the service agreements

Estate Admin Law: Access to digital assets limited for executors and administrators depending on the service agreements

Disclaimer: please note that this is not legally binding advice.
