Privacy vs Security
The concepts of Privacy and Security are often merged or exchanged. While they overlap in terms of the topic that they both address, there is a key difference between the two.
Privacy involves your right to manage your personal information, and security is the means of protecting this information.
When we look at Kinatico and its verification and compliance business, we want to protect our customers’ information, and our job is to do this through various security means.
Kinatico implements the concept of ‘Defence in Depth’, a strategy that uses multiple security methods to protect an organisation’s data and associated assets. Here at Kinatico, we aim to build security and protect the data we hold in our organisational DNA. From compliance with the international information Security framework of ISO27001 to employee education and awareness of physical and technical security controls, we endeavour to protect our customers’ data— “The privacy of data is our highest priority.”
Privacy Awareness Week 2024
For this year’s Privacy Awareness Week, organised by the Office of the Australian Information Commissioner, the theme is Power Up your Privacy – how can individuals, businesses, and government work both separately and collectively to enhance the protection of privacy. The theme focuses on privacy and technology and the key principles of transparency, accountability, and security.
How Transparency, Security, and Accountability Aid Privacy
So, what do the terms Transparency, Security and Accountability mean, and how do they relate to Privacy?
Transparency in data privacy refers to the practice of openly communicating with individuals about how their personal data is collected, used, stored, and shared. Transparency enables individuals to make informed decisions about their privacy and empowers them to exercise control over their personal information.
Security in data privacy refers to the measures implemented to protect personal data from unauthorised access, disclosure, alteration, or destruction. Security can include any number of technical, organisational, and procedural controls that are designed to safeguard information and systems while mitigating risks to privacy. Security is fundamental to Data Privacy as it is the means by which we protect information.
Accountability in data privacy means taking responsibility for how personal information is handled. It involves being transparent about data practices, following laws and regulations, and acting if there’s a problem. This ensures that individuals and organisations are held responsible for protecting personal data and can be trusted to use it properly.
As we further progress through this digital age, where we are seeing increasing amounts of information being uploaded, processed, transferred and stored online, the concepts of Transparency, Security, and Accountability are becoming even more necessary to keep data safe.
How Can an Organisation Protect Your Privacy?
When we look at the three terms described above, any organisation that you interact with should be able to provide you with clarity on the information they hold about you, the security they have in place to protect your information, as well as be there to assist you should the unfortunate event occur that your information be accessed without your permission.
By working with companies that look after your privacy, you can start to build a level of assurance in your privacy. Kinatico has been built with privacy in mind, aiming to be transparent, secure, and accountable when it comes to the data it holds and our customer’s privacy.
Transparency and security should be built into an organisation. The easiest way to determine the privacy of your data when using a service is for an organisation to be able to follow the concept of ‘The Five W’s and the H’. This concept is an effortless way to find answers about your data and ensure privacy and security when using a service.
Ask the following questions:
Who – Whose data is being collected or processed? Are they storing or processing any of my data?
What – What specific data of mine is being stored or processed? If my data is being stored or processed, what exactly are they collecting?
Where – Where is my data being stored? If my data is being stored, where is it located? Is it stored within Australia or in another country? Is it stored in a secure location?
When – When will my data be deleted? How long will they retain my data? Will they delete it after a certain period?
Why – Why do they need my data? Are they collecting any unnecessary data about me? What is the purpose of collecting my data?
How – How do they protect my data? How do they ensure the security and confidentiality of my information? What measures are in place to safeguard my data from unauthorised access or disclosure?
At any time, a consumer/customer should be able to request or access answers to the above in relation to their own data. Privacy should be at the forefront of any organisation.
For us here at Kinatico, you can find information regarding the ‘Five W’s and the H’ either on our website, or by getting in contact with us.
Once you have this information from a company, how do you know if what they are doing is good practice? The best way is to look and see if it aligns with the thirteen (13) Australian Privacy Principles | OAIC (The Principles). The principles are the cornerstone of the Australian Privacy Act and are an excellent way for individuals to understand how their privacy should be cared for. The principles talk about the likes of open and transparent management of personal information, use and disclosure of information and the security of that information. While there is room for interpretation of The Principles to allow them to work for all varieties of organisations, the fundamental objective stands – to avoid possible adverse effects on the privacy of individuals.
How Does Kinatico Protect Your Privacy?
Kinatico follows the theme of this year’s Privacy Awareness Week, looking at Transparency, Accountability and Security regarding the services we offer.
Transparency
We believe in transparency and want our customers to understand what we do and how we do it. At Kinatico, transparency is vital to our approach to privacy. Whether we’re collecting personal information or implementing new technologies, we prioritise clear communication and informed consent.
Internally, we ensure that our team members are well-informed about privacy policies and guidelines. Externally, we strive to provide our customers with transparent information about how their data is handled and obtain their consent where necessary.
Additionally, we regularly review our data retention practices ensuring that we only keep the information we need. When seeking consent, we make sure that our privacy policies are easily accessible and understandable.
Finally, we integrate privacy considerations into the design of our products and services, following a privacy-by-design approach.
Accountability
By fostering a culture of accountability throughout our organisation, we not only build trust with our customers and consumers but also safeguard against potential risks and harm.
In the event of problems or breaches, we are prepared to respond swiftly, transparently, and thoughtfully. We understand that outsourcing services does not absolve us of our responsibility, so we remain vigilant when engaging third-party providers.
By ensuring that privacy remains a priority at every level of leadership and empowering our staff to champion privacy in their daily activities, we cultivate a more robust, more secure, and privacy-conscious organisation.
We aim not only to meet regulatory requirements but also to exceed them, making robust privacy practices a distinguishing feature of our organisation.
We understand and acknowledge our role when it comes to the privacy of our customers and take accountability seriously, owning what we do and how we do it, striving to do the best we can.
Security
At Kinatico, we prioritise security as an essential aspect of protecting personal data. Aligned with our commitment to ISO27001 compliance, we implement security measures to safeguard against known and emerging threats.
Our approach emphasises strong data governance practices and continuous enhancement of security measures to ensure the safety of customer data. Moreover, regular and accessible staff training helps mitigate human-related risks.
Our commitment extends to maintaining up-to-date privacy management and data breach response plans, supported by guidance and tools to strengthen our cyber defences. Considering the possibility of human error, we design our systems with this in mind and carefully select service providers and contractors who adhere to like-minded security measures to protect personal information.
Furthermore, we store data within Australia and collaborate closely with the likes of the Australian Criminal Intelligence Commission (ACIC) to ensure compliance with regulatory standards, demonstrating our dedication to maintaining security and privacy for our customers’ data.
Conclusion
In conclusion, transparency, accountability, and security are essential components in ensuring privacy for both organisations and individuals. By upholding these principles, businesses can build trust with their customers and demonstrate their commitment to protecting personal data. Similarly, individuals can have confidence that their information is being handled responsibly by the organisations they engage with. As privacy continues to be a paramount concern in today’s digital landscape, integrating these principles into everyday practices is crucial for maintaining trust and fostering a secure online environment for all.
By powering up privacy, we can collaboratively safeguard the personal information of individuals and fortify Australia’s digital landscape as we navigate an increasingly digital era.
