Posts by kat

The Privacy Act 2020 introduces new requirements for your organisation in the event of a privacy breach. A key requirement under the new Act is ensuring you are actively minimising the risk of privacy breaches. At a bare minimum, we recommend that you have a robust employee Computer and Information Security Policy and two-factor authentication for access to your company systems. 

Before we go into detail on these two protections, let’s take a look at what to do in the event of a breach. 

What is a privacy breach? 

A privacy breach occurs when there is unauthorised or accidental access to someone’s personal information or disclosure, alteration, loss or destruction of personal information. 

What to do in the event of a privacy breach? 

Being open and transparent with people about how you’re handling their personal information is a fundamental rule of privacy. 

1. Contain 

In the event of a privacy breach, try and get the information back. You can also disable the systems that allowed the breach (e.g. a lost cell phone or laptop). 

2. Assess 

Assess whether the breach has or may cause serious harm to determine if the breach is notifiable. Consider: 

– Any actions taken to reduce harm. 

– Is the information sensitive? 

– Type of harm the person may experience. 

– Who has the information? 

You can also use the self-assessment tool on the Privacy Commissioner’s website to help your assessment. 

3. Notify 

If a privacy breach has caused, or is likely to cause, serious harm you will need to notify: 

– The Office of the Privacy Commissioner 

– Affected individuals 

– Third parties (e.g. the police) if applicable. 

4. Prevent 

The most effective way to prevent future breaches is to have a well-thought-out and implemented Computer and Information Security Policy. 

Examples of a privacy breach? 

Scenario 1 

A receptionist at a medical centre regularly has client information on their screen, including their name, address, outstanding fees and dates of their last five appointments. Staff, patients and visitors are able to see their screen from the waiting areas. 

Notifiable? 

Yes. You will need to notify patients and the Office of the Privacy Commissioner. 

Solutions:  

– Staff training to lock their computer when not in use. 

– Privacy screens for laptops and monitors to shield screens from viewers other than the user. 

Scenario 2 

An employee for a business consultancy firm misplaces a USB drive. On the drive are some working files detailing client applications for funding, including name, address, contact details and asset/debt information. 

Notifiable? 

While the information lost is sufficient to make this a notifiable privacy breach, if you are able to recover the USB drive and are certain no one else has accessed the information, no privacy breach actually occurred. 

Solutions: 

– Computer Security Policy detailing how information is stored and transported. 

Scenario 3 

An employee accidentally sends an email to the wrong “Stephen” confirming an upcoming meeting. 

Notifiable? 

Unless the meeting topic and contents of the email disclose sensitive information, this is not a notifiable privacy breach. 

Solutions: 

– Employee training. 

Scenario 4 

An employee loses their phone at a networking event. Their phone has Outlook, Teams and access to OneDrive. 

Notifiable? 

While the information that can be accessed on this phone is likely sufficient to make this a notifiable privacy breach, if you are able to recover the phone and are certain no one else has accessed the phone, no privacy breach actually occurred. 

Solutions: 

– Strong password or access via fingerprint. 

How to protect against privacy breaches 

There are two basic “must-haves” for minimising the risk of privacy breaches.    

A Computer and Information Security Policy details how information within your organisation is stored, handled and accessed. It also lays out the rules for how your staff use and secure their computers and other devices such as smart phones. If you would like a copy of our Computer and Information Security Policy template, click here. 

Two Factor Authentication (2FA) is a must have for securing information. When you apply 2FA to your systems, your staff must present two pieces of evidence proving they are who they say they are. Typically these two pieces of information are: 

1. A password. 

2. A verification code that is sent to their phone and then entered into the programme. 

If you would like us to help set up 2FA on your systems, please get in touch. 

Christchurch IT business owner, Alex Brouwer, has noticed the surge in customer requests related to Office 365, since New Zealand went into lockdown. “Most people are adjusting to working from home really well and have the software basics down,” Alex observes. “But these programs have a bunch of great features and tools that many don’t know about.”

The ethos of Alex’s Hornby-based company is “Let’s Make IT Simple.” In this vein, Alex and his team share the top 5 quick tips to make the most of Office 365 when working from home.

---

1. Download the Applications

All Microsoft 365 products, like Teams, Planner, Sharepoint etc. have both desktop and online versions. We can’t stress this enough… download the desktop version.

The Desktop versions come with a lot more features that enable you to really personalise your experience.

---

2. Personalise your Notifications

One of the biggest productivity drains is notifications. Every time an Outlook or Teams notification pops up on your screen, your brain is distracted. This may be briefly while you read the notification, or longer term if you stop what you’re doing to click over to another program and read and respond to the message.

Messages in Teams don’t require an immediate response. A better idea is to turn off notifications and check your Outlook or Teams periodically. In Teams, you can use your Activity feed to get up to speed with what’s happened while you’ve been busy.

---

3. Quiet Hours

If turning off notifications doesn’t work for you, try Focus Assist. If you want an hour or two of peace from interruptions, you can turn off interruptions using the Windows feature Focus Assist. This is also helpful if you’ve got one computer you use for personal use outside your work hours.

To find Focus Assist, tap your Windows key on your keyboard and start typing Focus Assist.

---

4. Use Headings in Teams Channels

Unfortunately, this feature is not very intuitive, but it’s definitely something you should be doing to make conversations and topics easier to find.

When starting a new conversation in a channel, click the Capital A icon at the bottom left. This will bring up a New Conversation window similar to a new email. Enter an informative Subject.

---

5. Forward Email to Teams Channel

If you’ve received an email that you want to share with your colleagues and get their feedback on, sharing that email to a Teams channel is a great way to further reduce digital noise.

By using Teams in this way, you:

1. reduce the number of emails clogging up your inbox.
2. keep all discussion in one location.
3. enable a coherent and unified response to be created before replying.

---

6. Blur the Background in Video Conferences

This is possibly the greatest feature in the current work-from-home environment! If your home “office” is your dining table or in your bedroom, you probably don’t want your work colleagues seeing your unmade bed or the piles of laundry you haven’t put away yet.

Blur background means you’re the only thing in focus during video calls. Not only does it give you peace of mind, it means there aren’t as many distractions for the other people in meeting.

---

7. Scheduling Meetings with External Staff

How many times have you gone back and forth trying to find a time that suits to hold a meeting? This becomes especially difficult if your meeting involves partners outside your business.

Thanks to FindTime, you can offer meeting attendees options for a meeting time and let them vote on which one suits them best.

Check out this awesome feature below!

---