One day you’re forking notes out of your wallet and the next you’re swiping, tapping and clicking your way to a full trolley.

The digital era is consumer heaven (and a business owner’s dream). But what happens if that personal information gets into the wrong hands?

With the increasing (and often sole) reliance on technology, the issue of data privacy has come under the microscope in recent times, with business owners having to adjust and adhere to strict terms and conditions on how information is stored, used and who has access to it.

But, what exactly is data privacy and why is it so important for your business to get right?

What is data privacy?

Data privacy relates to how information should be carefully handled and managed by both businesses and consumers. Varying in degrees of importance, this data can range from names through to highly classified material such as account details, tax numbers, and personal contact information.

To put this into perspective, take for example a first-time encounter with a stranger. Many people wouldn’t mind freely sharing general information such as their first name. Concurrently, you’d be hard pressed to find someone eager to freely hand over more sensitive information such as their address, birthdate or annual salary upon first meeting.

To ensure the safety and security of customers or users, privacy and data protection laws have come into place to ensure the information obtained by a business will not be freely available to any third party, and that the data stored remains classified and will not be used for undisclosed reasons.

Data privacy in Australia

With the break of Facebook and the Cambridge Analytica data privacy breach, online privacy and data protection has now been put in the spotlight, with a global movement dedicated to preserving the safety and security of user information.

Europe’s General Data Protection Regulation (GDPR) has officially been enforced, leaving all online websites who hold data of EU citizens scrambling to update terms and conditions, rewrite contracts and roll out new personal data tools to ensure adherence to the latest rules and regulations. If any Australian businesses have an establishment in the European Union (EU), offer goods and services in the EU, or monitor the behaviours of individuals in the EU, they are also subject to adhere to new GDPR requirements.

Currently, Australian businesses are subject to the regulations as outlined in the Privacy Act 1988. This Act states all businesses must have an up to date privacy policy explaining what information they collect from a user, how they are going to use it, and whether any information is going to be disclosed to any other party. Businesses also need to give all users the option to access and correct information, and make any complaints regarding information privacy or use of data by a third party entity.

Data breaches

A data breach occurs when any personal information held by a business is compromised, usually by means of being lost or subject to unauthorised access or disclosure. If a data breach takes place within your organisation, this can have severe impacts on business operations, leaving you susceptible to legal action.

Under the Notifiable Data Breaches (NDB) scheme, you are required to notify particular individuals, as well as the Australian Information Commissioner (the Commissioner) of any eligible data breaches that have taken place if it is likely to result in serious harm to any affected individuals.

Concurrently, if a business is quick and efficient in taking the appropriate action to remediate a data breach and the outcome is not likely to result in serious harm to the affected parties, there is no legal obligation to inform the Commissioner.

Risks of data breaches include:

– Unauthorised access – this could be via unauthorised access via an employee, independent contractor or an external third party such as via hacking.

– Unauthorised disclosure – this includes both intentional and unintentional disclosure of private information made visible to others in a means not permitted under the Privacy Act.

– Loss of information – this can be a result of accidental or inadvertent loss of information likely to result in unauthorised access or disclosure.

Benefits for users and customers

By putting steps into place to secure both your customers, users and your business’ information, you will solidify your reputation as a trusted business provider. This will increase your chances of preserving long-term customers and give both new and regular customers and users peace of mind knowing their information is going to be safely secured, and their private contact information will remain free of spam, unsolicited offers and other unwanted content.

Data privacy and eWAY

Specialising in secure payments minus the complexities, eWAY values the importance of security in all online business activity.

That’s why we have invested heavily in attaining the world’s highest payment security accreditation – PCI Level 1. This means that when your organisation is using our payments software to handle your customer payments, you can rest assured knowing any personal banking information is being handled with the highest level of payment security.

Backed by Global Payments – one of the world’s leading payment service providers, we have what it takes to keep information safe and secure while keeping your business operations steady and streamlined.
Find out more about our PCI compliance and start securing your business today!