Does your organisation have a program to train staff about their privacy obligations? Have you identified technical or procedural ways to minimise the risk of privacy breaches such as unauthorised access to records?
If you can’t point to demonstrable and proactive steps you have taken to prevent privacy breaches, your organisation could be found in breach of the Data Security principle. That’s the takeaway message from a recent case involving WorkCover NSW.
In a case involving the internal circulation and storage of a complainant’s psychiatric report, the NSW Civil & Administrative Tribunal was unimpressed with the ‘passwords and access cards’ security safeguards as described by WorkCover, and found the government agency in breach of Health Privacy Principle 5, the Data Security principle in the Health Records & Information Privacy Act 2002 (NSW). The Tribunal instead articulated a number of steps which together it would have considered ‘reasonable safeguards’ to protect health information, including tracking read-only access to electronic files, procedures to restrict access to particularly sensitive types of information, and a program of repeatable staff training about privacy obligations.
One way to quickly implement an enterprise-wide privacy compliance training program is to use e-learning. E-learning offers your staff flexibility of timing, and you could adopt a requirement for staff to repeat the course every few years, without incurring any additional cost.
We have recently refreshed our Privacy E-learning Program, updating both the style and the content. We now include more interactions to focus the learner’s attention, and we have streamlined the product development process – which means the cost for you has come down too!
Unique amongst privacy compliance training providers, we customise both the style and content of our Privacy E-learning Program to meet our clients’ needs. So if you choose Salinger Privacy for your compliance training needs, you can quickly roll out privacy awareness training across your organisation, knowing that it reflects your branding and the privacy law that actually applies to you – not some generic version.
Our customisation also includes particular privacy messages and tips that we design in consultation with you, to ensure that they are relevant for your staff. Take a look at our Demo module, or see more information here.