Thursday, 25 May 2017

Don't buy a data breach - Privacy and data security when procuring goods and services

At our recent monthly seminar 'Information Sharing and Data Protection - Know your Value', we discussed the importance of monitoring suppliers to mitigate privacy and data breaches.  This data security theme was continued during the Commissioner for Privacy and Data Protection's recent Privacy Awareness Week.

Remember these key messages and tips to help minimise the risk of your procurement experiencing a data or privacy breach:

Value your Data

From the outset, think about the value of the data that your supplier will collect or have access to during the arrangement.  This will enable you to determine the appropriate information handling and privacy requirements you'll need.

Choose the Right Supplier 

Ensure that your information handling and privacy requirements are part of your sourcing plan and clearly set out in your market-facing documents. Award a contract to a supplier who can demonstrate a good track record of understanding and implementing privacy and data security.

One size does not fit all  

Your risk management strategy needs to be proportionate and tailored to the size and activity of your procurement. For data-heavy supply arrangements, you may need to consider additional protections, including how information will be managed when a supplier transitions out.

Monitor your supplier's performance against the contract 

The words in the agreement are important, but ongoing contract management is necessary for early detection of possible data and privacy breaches.

If you'd like assistance on managing your suppliers to meet your information handling obligations, please contact:

Rebecca Radford
9947 1403

James Stephens

Snezana Stojanoska
9947 1412