Information security – a lesson from the web

Information security of customer information has always been a priority for organisations, particularly those organisations that are in the market of managing information of customers.

It was with interest that I read today about the possibility of a large number of customers social security numbers (an important number in the USA, akin to the TFN number in Australia) being inappropriately disclosed on the outside of an envelope to the customers.

The risks surrounding privacy of customer information have always ranked as one of the highest and most important risks for all organisations, and it is therefore amazing to read about such incidents.  What we always forget in managing this risk is that the real underlying risk is the human error potential surrounding the risk being realised.

So, in managing the risk surrounding privacy, we should not just focus on making sure our systems encrypt and secure the data but also look at the “simple” way we use data and ensure every time we extract data and use it, we think of the privacy elements of the data being used.

Sounds obvious and simple, but alas seems to always come back in some story or article around customer information being used incorrectly.

Cheers,

More from the Reading Room

The Qantas privacy finding: a positive lesson in third-party oversight

A serious data breach does not automatically mean governance failed. The more important question is whether an organisation can demonstrate that it understood the risks,...

APRA’s CPS 230 Tweaks: Small Amendment, Big Governance Signal

APRA has released final targeted amendments to CPS 230 Operational Risk Management. The item is current and sits within APRA’s prudential framework, so boards and risk teams should treat it as a live governance and…

“Cheap and Out of Date”, a Board-Level Resilience Question

A practical risk maturity article using a current event to test ownership, evidence, controls, challenge and decision quality.

Everyone Passed. That’s Not the Point.

APRA's inaugural System Risk Stress Test found four major banks and six super funds individually resilient, but exposed concentration risk and a super-fund liquidity mechanism that could amplify a system-wide shock.