Keeping sensitive information secure starts with a plan: why every business needs to have a data policy

by Peter O’Connor, Vice President Asia Pacific and Japan, Snowflake

Credit: ID 107524234 © Stepanenko Oksana |

Does your business have a well-defined data governance regimen? If not, you may be one of the sizeable contingent of Australian enterprises which are playing Russian roulette with information security – and potentially creating a major risk for their company’s viability.

It’s been more than a year since the federal government introduced tough new privacy regulations, in the form of the Australian Notifiable Data Breaches scheme. This compliance regime requires businesses with turnover in excess of $3 million to notify their customers and the Office of the Australian Information Commissioner, Australia’s privacy watchdog, should they suspect or experience a significant data breach.

Organisations which fail to do so within 30 days and which don’t remediate the issue appropriately risk fines that can rise as high as $1.8 million, for serious and repeat offenders.

That’s far from pocket change but it might start to look like it when compared with the eye-watering financial penalties the European Union now has the power to impose on organisations which breach the privacy of its citizens.

In May 2018, the EU’s General Data Protection Resolution legislation came into force, giving data protection enforcement bodies the right to impose fines of up to 20 million Euros, or four per cent of a firm’s global turnover, on egregious offenders.

Serious stuff and it doesn’t just affect companies headquartered on the European continent – the GDPR laws apply to any organisation that collects the personal data of EU citizens, regardless of their physical location.

Prevention is invariably better than cure. Protecting the integrity of the data in your organisation’s keeping begins with developing a comprehensive policy which details exactly how you intend to do so. If you’re not sure where to start, here are some tips for getting on top of data governance and security across the enterprise.

Move towards a single source of truth

It’s difficult to safeguard what you don’t know you have. In many companies, data is dispersed across the enterprise in business units or divisions, each with their own, often informal, usage and storage policies.

Investing in a ‘single source of truth’ solution can enable companies in this position to consolidate and control their data via one central location. Once this technology is implemented, data can be categorised and managed, according to whether or not it includes personally identifiable information.

Historically, the need to replicate data across the enterprise bedevilled many efforts to enforce governance policies but, thanks to recent advances in cloud computing and encryption technology, it’s now possible to centralise and share data without having to make copies. As a result, all employees can access exactly the same information on demand.

Be open with your customers

How do you use the data in your keeping and are you comfortable for your customers – the individuals who’ve entrusted you with their personal and potentially sensitive information – to know about it?

When it comes to data management, trust and transparency are deeply entwined. A good data policy should lay everything on the line in an open and transparent way – who owns the data, how it can and will be used in the business and the instances in which it can be shared with other individuals and entities external to the organisation.

Educate your workforce

Developing a rigorous data governance policy is one challenge; ensuring employees put it into practice is another. Communication and training are the key to ensuring everyone within an enterprise is aware of the rules for respectful and responsible data usage and the importance of adhering to them.

It’s also important to make customers and partners aware of your policies and practices by posting them online, sharing them via email when appropriate and encouraging employees to provide details when asked.

Upping your game

Taking control of your data and ensuring it’s used and managed responsibly is more than just a nice idea; in 2019 it’s an economic imperative.

In an era when frequent reporting of data breaches has individuals increasingly anxious about the prospect of having their privacy compromised or their identity stolen, companies which can’t demonstrate their commitment to data integrity may struggle to maintain trust.

They’re also more likely to find themselves facing severe financial penalties.

Crafting a comprehensive data policy and investing time and resources into its implementation is a form of insurance against this occurring. It can give employees the guidance they need to do the right thing and customers the confidence their personal information is in safe hands.

Tags data policy

Show Comments