Do you deal with Personal Data (e.g. government agencies, health, universities and councils)? You should know your obligations, but what if you don’t?
Hosting Platform for Online Forms
If your organisation captures, stores or processes other people’s sensitive, private or personal information, the law says you must secure it. Until recently, this hasn’t always been easy. Now it is - with a Smart Form Builder hosted in a secure environment with options for hosting within Critical Infrastructure.
She won't be right
With growing concerns about data privacy, sovereignty, security, access control and identity theft, it’s fair to say that some Australian entities have taken a ‘she’ll be right’ attitude. Many believe ‘it won’t happen to us’ even though numerous Australian high-profile breaches suggest otherwise.
Organisations which routinely deal with Personally Identifiable Information (PII) - like government agencies, health sector clients, universities, schools and local councils - are more likely to consider how, when and who may access the data they store. If you’re one of these entities, you’ll know all about the theory, but the practice of data security may still be elusive and the risks seemingly remote.
Not just 'nice to do'
Obligations relating to data security are not unknown; they’re clearly stated in existing legislation. Primary examples include the Health Privacy Principles (HPPs), the Privacy Act (1988) the Health Records Act (2001), My Health Records Act (2012) and the Education Services for Overseas Students Act 2000.
Trawling through these documents may not be something you do often, but maybe taking a peek is a good idea; the risks of non-compliance and the penalties are just too high.
How do you know?
Every day, customers like students, patients and citizens receive requests for personal information, perhaps from entities like yours. You might even be using insecure, unencrypted email, because it’s the only method you have.
But, do you know how secure your third-party systems are? These are the survey tools, document systems and applications that collect the data. They may host the data too, or pass it along to other third parties.
Data hosting could be on-shore and subject to Australian privacy laws – or off-shore and not. You may not know which is true even if you’ve read the user agreement carefully. If you did, the details could still be vague. Mostly you won’t know for sure how and where your customers’ data will be captured, stored and shared.
So, the obligation to collect and secure the data and comply with relevant legislation falls to those who collect it – maybe you – not to those who surrender it - your customers.
Simpler, more transparent and secure
At CIBIS, we’ve just made it easier for everyone to sleep better: those who surrender information and hope for the best - and those who collect it and must keep it safe.
Contact CIBIS to discover how to collect sensitive data with the Smartest Form Builder and keep it safe and secure within Australia.
