Your business likely handles customers’ personal information, which is data that can identify them. Examples include:

  • physical addresses;
  • photos;
  • email addresses; and
  • financial details.

The nature of this information could be sensitive and cause harm to the affected individual if it were to fall into the wrong hands. Because you deal with this kind of information, you have certain legal requirements that dictate how you handle personal data. Therefore, you must take important steps to avoid privacy breaches in your business and keep customer data safe. This article will explain the nature of privacy breaches and outline some ways to prevent them.

What Is a Privacy Breach?

Your business is an agency that handles personal information, so you need to meet your privacy law obligations. This means exercising due diligence and being careful about how you:

  • collect;
  • store; and
  • use customers’ personal data.

If something goes wrong in any of these processes, it could lead to a privacy breach, with customers’ sensitive information being at risk. 

There are two types of privacy breaches. These are:

Confidentiality or Integrity Breach:

Where a person has accessed, altered, lost, shared, or destroyed personal information without proper authorisation; and

Availability Breach:

Where something (or someone) prevents you from accessing the personal information your business holds, such as a denial-of-service attack. This applies whether the loss of access is temporary or permanent.

For example, say that someone forgot to lock up filing cabinets with sensitive customer information inside before they went on leave for a few days. Depending on the type of information inside and the likelihood of unauthorised access, this could be a substantial privacy breach.

Privacy breaches vary in their seriousness, ranging from a forgotten password to a malicious cyberattack. If you have a privacy breach at your business that is likely to cause serious harm (or already has), you must notify the Privacy Commission and the affected individual.

What Causes Privacy Breaches?

Privacy breaches can happen for various reasons, and they are not all the result of hackers behind a computer screen. For example, causes of privacy breaches can include:

  • mistakes or accidents;
  • carelessness;
  • poor procedures;
  • inadequate security; or
  • malicious interference.

Make sure to identify potential privacy risks in your business, and take steps to minimise those risks.

Preventing Privacy Breaches

You can avoid privacy breaches by putting adequate preventative measures in place. The best defence against privacy breaches is good preparation and strong privacy policies. If you can reduce the risk of a privacy breach and limit how far any harm spreads, you will be in a much better position if a breach does occur.

Tip: Make sure you have an efficient privacy policy and a comprehensive privacy incident response plan. If a privacy breach does occur, it will be easier to deal with if you have established guidelines in place.

Some preventative measures include:

Strengthening Security

Ensure you have adequate security systems for both your physical and digital storage of personal information. The last person to leave your business premises should make sure filing cabinets are locked and alarm systems are in place. Furthermore, you should password-protect your digital databases, set up a firewall, and encrypt the data you store.

Collecting Relevant Data

When you collect personal information, the law requires that you only collect the information that you need for a particular purpose. Not only does that protect your customers’ privacy, but it also limits the amount of information available for a privacy breach. Ensure you limit the information you store to only the data you need and do not collect irrelevant and extraneous data. 

Disposing of Information Securely

Delete personal information that you do not need anymore, and do not hold onto such information for longer than is necessary. When you do dispose of information, do so securely. For example, instead of just throwing out paper documents as they are, make sure to shred them first.

Being Careful With Email

Privacy breaches due to email mishaps are very common. Double-check that you send emails to the right person, especially when you are sending sensitive emails outside of your business. It may help to turn on pop-ups reminding you and your staff. Ensure that any attachments you send, such as information-heavy spreadsheets, do not contain any personal data that the recipient is not authorised to know.

Limiting Access

Ensure that only authorised staff can access client databases and other stores of personal customer information. Give these authorised individuals unique passwords, and keep access logs as well.

Effective Policies and Procedures

Have effective procedures within the workplace designed to protect privacy. Ensure your staff know not to open suspicious emails from unknown senders and avoid downloads from unauthorised websites that could result in privacy breaches. Further, do not leave devices with private information on them unattended, and ensure employees know who to contact if they suspect a privacy breach has occurred.

Key Takeaways

Preventing privacy breaches is becoming more crucial for businesses as they move to digital spaces and deal with customer information. Therefore, you must ensure you protect your business by improving security measures and having effective privacy procedures in place. If you would like more information or help to avoid privacy breaches at your business, contact LegalVision’s New Zealand privacy lawyers on 0800 005 570 or fill out the form on this page.

Frequently Asked Questions

What is a privacy breach?

A privacy breach is when your customers’ personal information has been compromised. This could be through an unauthorised person accessing their information or something stopping you from accessing said information.

How can I prevent privacy breaches in my business?

Good preparation can go a long way towards preventing privacy breaches in your business. This means improving both physical and cybersecurity, as well as limiting the number of people authorised to access customers’ personal information.

What are good security measures?

The appropriate type of security measure will depend on what you are protecting. For example, you should lock sensitive information in physical storage with only authorised access to the key. Digital storage, on the other hand, should be password-protected and encrypted.

What causes privacy breaches?

Like many mishaps, privacy breaches are often caused by mistakes and complacency. Malicious actors will take advantage of weak security systems and careless attitudes towards privacy protection.

About LegalVision: LegalVision is a commercial law firm that provides businesses with affordable and ongoing legal assistance through our industry-first membership.