Risk and compliance: Data protection, corporate reputation and privacy

Jason Pollock
By Jason Pollock | 16 December 2022
Sarah Campbell; image supplied.

This is the sixth article in a miniseries about risk and compliance. Read the first article here, along with perspectives from DoubleVerify, InfoSum, Scope3 and Quantcast about what risk and compliance means to them.

AdNews spoke to Sarah Campbell, CEO at the Australian Data and Insights Association, about the importance of data protection, the need to protect corporate and brand integrity and consumers and ramping up their expectations.

How have you seen the attitudes change towards compliance and risk over your time in the industry?

 "I think we can now expect attitudes and practices to shift dramatically. The Optus cyber-attack is a wake-up call for government and corporate Australia. The appeal of ‘big data and data being the new oil’ is over. There are bad actors everywhere and the risk of a cyber-attack and subsequent privacy breach is increasingly very real."

What sort of compliance and risk issues should be front of mind now for organisations?

"Privacy and personal data protection are imperative, along with the having appropriate data information and security systems in place. I don’t think you can do one without the other. If you can’t store the data safely, then don’t collect it. Cyber-attacks can happen to any business at any time; however, having the appropriate measures in place to help prevent and respond is what makes the difference to public opinion and corporate reputation. 

"ADIA members set the gold standard for compliance and risk – researchers only collect personal information for research purposes, de-identify as soon as possible and delete it when no longer required for the research project. It’s not rocket science – collecting and holding less data is a clear benefit as it minimises risk."

What’s driving the creation of such new roles as marketing risk officers? 

"The need to protect corporate and brand integrity. Trust is hard won but easily broken.

"With the threat of cyber-attacks and privacy breaches very real and with millions of dollars, corporate reputation and consumer trust at stake, having a risk officer responsible for maintaining internal information and data security procedures help to mitigate that risk. Companies can’t afford to ‘set and forget – as the technology landscape constantly changes.

"The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 has now passed both houses of parliament and will beef up privacy protection in Australia by significantly increasing penalties for serious or repeated interferences with privacy, enhancing the Australian Information Commissioner’s enforcement powers, and provide the Commissioner and the Australian Communications and Media Authority (ACMA) with increased information sharing powers.

"The Bill increases the penalty under the Privacy Act for serious or repeated interferences with privacy to $50 million for companies.

"In addition, the Office of the Australian Information Commissioner (OAIC) will have enhanced enforcement powers which will include ensuring that foreign organisations that carry on a business in Australia must meet the obligations under the Act, even if they do not collect or hold Australians’ information directly from a source in Australia."

What role can CMOs play in mitigating risk and ensuring compliance?

"The CMO needs to adopt a preventive compliance model that ensures that the appropriate protocols are in place and clearly understood by those responsible for managing data and personal information. Education and awareness are critical."

What solutions can organisations roll out to ensure they’re compliant?

"With the national focus trained on protecting personal information, having rigorous privacy compliance and protective processes in place will be imperative as consumers and regulators rightfully ramp up their expectations regarding appropriate data collection, use and handling.

"By way of example, ADIA member companies have a long and successful track record in safeguarding respondent data and continue to conduct legitimate research under strict privacy rules that protect confidentiality and prohibit any selling. 

"ADIA member organisations adhere not only to Australia's first and only Australian Privacy Principles (APP) registered industry privacy code but also an industry' Trust Mark' - a seal of endorsement that assures business and government organisations they are buying research that is quality-tested and meets not only ethical standards but also goes over and above minimal privacy legislation. The Trust Mark provides the highest level of protection to companies using research services, and in turn, to consumers.

ADIA Members working under the industry Trust Mark:

  1. Work under Australia's first and only registered (APP) Industry Privacy (Market and Social Research) Code 2021 enshrined in Australian law since 2003. The Code is adjudicated by the Australian Privacy Commissioner and administered by ADIA 
  2. Have an independent annual audit for ISO (International Organisation for Standardisation) certification 
  3. Adhere to the industry Code of Ethics."

Have something to say on this? Share your views in the comments section below. Or if you have a news story or tip-off, drop us a line at adnews@yaffa.com.au

Sign up to the AdNews newsletter, like us on Facebook or follow us on Twitter for breaking stories and campaigns throughout the day.

comments powered by Disqus