Home How We Help Grow your business Promoting your Business Five key actions for digital compliance

Promoting your Business

Five key actions for digital compliance

There is so much more to your data security than you would like to admit, but it pays to be aware and act before you have to.

sacha-henry By

Sacha Henry

Australian Business Consulting & Solutions

On 30 July 2018 Michael Perkins, Guy Thornycroft and James D Ford discussed varying aspects of Australian law in the digital space.

From this discussion, My Business has compiled key actions for businesses to take when dealing with digital assets and database security.

1. You must do something about data security and privacy

In the webinar, James mentioned “Around 60% of small businesses fail in 6-12 months after a data security breach. This means businesses must incorporate preventative action in their data security policy.

Consider how the following questions affect the operations, management and ownership interests of your business:

a) What are the short-lived and enduring aspects of the interactions that comprise your business’ digital life?

b) How is second- and third-party data that is collected to be protected and managed satisfactorily?

c) What enduring elements of the business are produced by investment in the business?

d) Is digital currency used or produced in the operation of the business?

Irrespective of your turnover, your business needs to consider the security of your digital assets.

ACTION: answer the questions above and educate yourself.

2. List the devices in your business

Our digital assets not only refers to social media accounts, storage accounts, and crypto currency, but can also be our creations of entertainment, training, market research and business process engineering.

ACTION: make sure you are fully aware of all the devices used to access and modify data in your organisation to ensure the assets are secure.

3. Make sure data security policy is embedded in your organisation

Leadership on your data security standards starts at the top. Make sure you do not leave your data policy to just the ‘young and technically perceptive people’.

Everyone in your business needs to get on board with the policies in place to secure your business’s digital assets. The weakest link is usually the human element of your business.

ACTION: Consider a group meeting to discuss company data security requirements, with practical application in each person’s role. Discuss examples of data breaches in the past with ways to help protect yourself.

4. Client expectations of data security may exceed your legal responsibility

Legal standard is not enough to protect your reputation. Reputation is driven by perceptions of your customers and broader market interests, not your opinion of yourself.

For instance, cookies are not governed by the Privacy Act in Australia, but you always see banners on websites advising that the websites collects cookies because it is best practice. The expectation of a user on a website is that they will be told if cookies will be collected, as data is very much like a digital fingerprint, and therefore personal.

Therefore, the Australian law for data security standards is playing catch-up in this case. But don’t let your business play catch-up as well.

Take a look at the European General Data Protection Regulation to see how other governments are dealing with this issue.

ACTION: Look at ways to make your privacy policy or terms and conditions more readable for the end-user. Data breaches in your business affect the trust of your consumer.

5. Ask for help with your data security policy

It is essential that businesses move with the times, as getting it wrong can lead to criminal liability. Make sure you ask for help with any terms you are not familiar with or any actions that require consultation.

ACTION: Get professional advice.

Glossary

While trying to understand new terms and acronyms, you can sometimes feel buried in legislative red tape. Please find a list below of acronyms and their meanings:

Acronym
EULAs	End User Licence Agreement
TOUs	Terms of Use
T&Cs	Terms and Conditions
TOSs	Terms of Service

The list below outlines a range of different laws that might be involved. These laws have varying uses with notes explaining what they may include for the digital space or how they might be amended in the future.

Law
Interpretations Act 1987 (NSW)	Now includes digitally stored info
Contract Law	Service agreement enforceable under law to impede a family member’s access
Private International Law	Restricts access
Criminal Law	Prohibits the “unauthorised access” to restricted info and data
Privacy Law	Does not protect the personal info and not extended to include info of deceased persons
Property Law	The term ‘digital assets’ does not match what the law defines as property in Commonwealth and State law
Copyright Law	Service agreements often restrict the IP rights of users, which can affect entitlements of successors.
Succession Law	Whether a person owns digital assets as their ‘property’ depends on the service agreements
Estate Admin Law	Access to digital assets limited for executors and administrators depending on the service agreements