The month of May is set to put a spotlight on the issue of data management and privacy, something that is of particular importance given the string of cyber breaches and information mishandling we’ve seen documented in the media over the past six months.

This Privacy Awareness Week (May 1-7) and Information Awareness Month, it’s time for businesses to look inward and consider how much useless and unnecessary information they're hoarding, not only for the safety of its customers, but for financial management as well.

We are at the height of a cost-of-living crisis and so, naturally, businesses are tightening their belts.

Very rarely is data storage considered when businesses are considering cost cutting measures, more often than not because their IT departments assure them it is cheap and nothing to worry about.

But what if I told you that there is a lot more cost involved than meets the eye?

The cloud isn’t everything

Australian businesses are wasting millions of dollars on storage and resources to manage spiralling information.

Perhaps this is because of laziness, or maybe this is due to fear of compliance.

What this means is many organisations are data rich but information poor, as data is meaningless if not managed and utilised to form accurate and reliable information.

Just keeping information in storage does not make it usable or retrievable and it certainly doesn’t make the business compliant with records retention laws.

This is where the cost is high and information is lost.

What’s the true cost of privacy?

It’s not just about storage, it’s about managing that information and too many businesses are allowing this to spiral and keeping information for the sake of keeping it.

To put it simply, the more unnecessary data you hoard, the higher the risk of privacy breaches.

According to the latest Annual Cyber Threat Report 2021-2022, the Australian Cyber Security Centre recorded a staggering 76,000 cybercrime reports - a 13 per cent increase from the previous financial year.

Can you really put a price tag on that?

The way forward

The good news is, there’s lots you can do to manage your data effectively, whilst complying with retention laws.

This starts with taking several steps to manage your business and personal data more effectively:

1. Determine what data you have: Make a list of all the data you currently have, including what type of data it is, where it's stored, who has access to it, and how it's being used.

2. Prioritise your data: Determine which data is most important and prioritise it accordingly. For example, financial data and sensitive personal information should be given higher priority.

3. Implement appropriate security measures: Implement appropriate security measures to protect your data from unauthorised access, such as firewalls, encryption, and multi-factor authentication.

4. Back up your data regularly: Regularly back up your data to ensure that you can recover it in the event of a system failure, natural disaster, or cyber-attack.

5. Develop a data retention policy: Develop a data retention policy that outlines how long you will retain different types of data and how it will be disposed of when it's no longer needed.

6. Train your employees: Train your employees on how to handle data properly, including how to protect it from unauthorised access and how to dispose of it properly.

7. Monitor your data regularly: Regularly monitor your data to ensure that it's being used appropriately and that there are no unauthorised access attempts.
   
   

By taking these steps, you can effectively manage your business and personal data while complying with relevant laws and regulations.

This month (May 29) all information and records management bodies will get together off the back of Information Awareness Month at Public Records Office, Victoria.

Here businesses can access the experts who are able to assist in allowing you to understand how to manage your information more effectively and unpack the issues relating to privacy and cyber breaches.

We’ve seen the impact of waiting until it’s too late - take the recent Optus, Medibank and Latitude cyber breaches for example.

So, if you’ve been putting it off, this is your sign. Whether you’re a large corporation or a small family business, personal records are personal and it’s time we value them for what they are truly worth.

For more event info, visit https://www.rimpa.com.au/events/ems-events-calendar/iam-symposium.html

Anne Cornish, CEO Records and Information Management Practitioners Alliance (RIMPA)