Reading time: 5 minutes

As more businesses shifts online, cybersecurity is likely to be just as fundamental for your business as physical security. When you operate online, you need to be mindful of what data risks could affect your business. The data your business holds will likely include both sensitive and highly critical information, so it is crucial that you implement appropriate measures to secure it online. Otherwise, you run the risk of harming your own interests and running into legal troubles if you need to take responsibility for unreasonably poor cybersecurity. For some guidance, this article will go through some preventable data risks in your New Zealand business.

What Are Data Risks?

The concept itself can be broad, but a data risk can refer to risks in your business that threaten the security of your business’ data. Accordingly, unchecked data risks can lead to potential data breaches, which can have disastrous consequences for your business. A data breach refers to when something compromises your business’ data, such as:

  • an unauthorised person gaining access to your data;
  • sensitive business data leaking into an unsecured environment, such as the general internet;
  • someone misusing, deleting, modifying, or losing your data; or
  • something preventing you from accessing your data, such as a DDoS attack.

The causes of data breaches can be intentional or accidental, ranging from a cyberattack to human error.

How Are Data Risks Relevant to My Business?

Not only do you need to manage data risks to avoid the potential fallout of a data breach for your business, but you may have a legal obligation to in some instances. This fact depends on the kind of data that may be at risk, such as:

  • personal information;
  • contractual information;
  • trade secrets;
  • intellectual property information; or
  • any other confidential information that has a duty of confidentiality attached.

If you deal with personal information, you need to comply with New Zealand privacy law. In particular, your obligations include:

  • taking reasonable steps to secure any personal information you deal with; and
  • reporting privacy breaches that are likely to cause serious harm.

Leading on from that, you are unlikely to completely eliminate potential data risks for crucial data within your business. However, you can take steps to identify and minimise these risks. Naturally, this will depend on the unique circumstances of your business, but the paragraphs below detail some manageable data risks.

Email Leakage

One of the most common security threats is accidental data disclosure over email. Accordingly, it is often as simple as sending confidential information to the wrong person or recipient. However, if you implement appropriate email policies and practices within your business, you can minimise any data risks that email communication can bring. These can include:

  • setting up email security software;
  • reminding staff to double-check recipients, such as with pop up boxes before sending emails;
  • delayed send times for emails;
  • taking care sending spreadsheets that contain large amounts of data; and
  • adding email disclaimers to your communications.

New Projects

If your business is beginning a new project or initiative, this may bring various unknowns that you have not dealt with before, such as new partners or business processes. Therefore, whenever you start a new project at your business, you should conduct some form of data risk assessment, such as a privacy impact assessment or other evaluation. That way, you can identify potential risks that you need to mitigate before projects are underway and more difficult to fix down the line.

Weak Cybersecurity Measures

If you are a small business that does not conduct all of its commercial activities online, you may think that you can get away with little investment in your cybersecurity. However, hackers do not necessarily target systems for the kind of information they hold. Instead, they target weak systems that they can easily exploit. As a result, cybersecurity is becoming more critical, so you need to ensure you have measures that will appropriately protect your business. These may include:

  • appropriate password policies;
  • encryption measures;
  • firewalls; and
  • secure file storage.

Staff Training

The more people you have in your business, the greater the chances of an unintended data breach. Human error, while accidental, can often lead to security risks that can have disastrous consequences for your business. Therefore, your staff must know how to operate online securely and identify the signifiers of data risks where appropriate. Specific measures include:

  • data training for employees dealing with confidential data;
  • appropriate disposal methods for data;
  • device usage policies;
  • training around appropriate personal information handling;
  • creating information manuals and policies for staff to refer back to; and
  • regular assessments of data protocols and security.

Key Takeaways

Data risks are potential weaknesses in your data security. These can lead to data breaches, which can be disastrous for your business and invoke legal obligations. Therefore, it is important you are proactive and take steps to prevent data risks where possible. 

If you would like more information or help with the legal aspects of managing data risks within your business, contact LegalVision’s data, privacy, and IT lawyers on 0800 005 570 or fill out the form on this page.

Frequently Asked Questions

What is a data risk?

As a broad concept, data risks are weaknesses in your business’ systems or practices that could increase the potential for a data breach. Therefore, you must take steps to mitigate these wherever possible.

What is personal information?

Personal information is any data about an identifiable individual. For example, if you can use it to identify a living person, then that data is personal information, and you need to comply with privacy law when you deal with it.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.

The majority of our clients are LVConnect members. By becoming a member, you can stay ahead of legal issues while staying on top of costs. From just $119 per week, get all your contracts sorted, trade marks registered and questions answered by experienced business lawyers.

Learn more about LVConnect

Need Legal Help? Get a Free Fixed-Fee Quote

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

Our Awards

  • 2019 Top 25 Startups - LinkedIn
  • 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice Winner – Australasian Lawyer
  • 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2021 Law Firm of the Year - Australasian Law Awards
  • 2020 Law Firm of the Year Finalist - Australasian Law Awards