Privacy Awareness Week:
A company’s lack of adequate data protection can lead to the loss of valuable information, data breaches, regulatory fines and the loss of the company’s reputation. Recovering from something of this magnitude can often be irreversible and costly. Protecting data however is a complex exercise that is affected by a host of factors especially if the data is accessed by several people; if the volume of data is large; and if the data is accessed or transferred across different countries.
At Grace Information Management we abide by the rules and guidelines set out in the Australian Privacy Act 1988 and the Privacy Amendment Act 2017, which includes the Notifiable Data Breaches (NDB) Scheme.
The NDB requires data collection agencies to notify individuals and The Australian Information Commission (Commissioner) of any data breaches that occur. It is considered an NDB when unauthorised access or disclosure of personal information held by an entity is accessed, lost, or if a disclosure is likely to occur which has the potential to result in serious harm to the individuals concerned, and when the entity is unable to stymie the risk or prevent the harm by any remedial action.
When you use Grace as your business partner, we put in place measures that will reduce, if not eliminate any potential breaches, by adhering to the Records Management Standards (AS ISO 15489) and ensuring our management systems are certified to ISO 9001 – 2000.
The steps Grace takes to ensure that our client’s data is protected to meet the highest standards include:
- Our facilities are closely monitored by CCTV with electronic keypad access to all entry points. Facility access is controlled, and retrieval access is only available to authorised personnel.
- Our warehouse is built to comply with BCA 96 (Construction) and AS 2118 (Fire Suppression) and are constructed from quality materials with fire protection systems. Air quality is checked constantly for smoke content using the very early smoke detection apparatus (VESDA). All buildings are equipped with dry-pipe sprinklers and fire doors with sophisticated fire alarms linked to local Fire Brigades. All sprinklers are tested weekly and maintained in accordance with international standards.
- Electronic systems, CCTVs and door lock systems installed at all sites provide information on who has accessed the site and when. These electronic and hard copy records are maintained for 90 days.
- Collection vehicles are owned by Grace and are operated by full-time, uniformed Grace drivers who have signed strict confidentiality agreements thus ensuring 100% secure Chain of Custody.
- GPS tracking systems are installed in all Grace vehicles enabling real time tracking and monitoring of goods. Driver speed and heavy breaking is also monitored to ensure the safety of the driver, vehicle and contents.
- The tracking systems ensures secure Chain of Custody.
- Information is securely delivered using Grace’s secure tubs, archive cartons, heat-sealed satchels and security seals where required.
- GPS tracking systems and Portable Data Terminals are used to monitor the records’ movements and to track the exact locations of the vehicles.
- Background and National Criminal Checks are conducted with all Grace employees and contractors who are required to sign non-disclosure agreements.
- Quarterly compliance checks are conducted on all approved suppliers.
- Network protection is enforced against potential security threats and by blocking unauthorised third-party applications. Firewalls are in place to filter incoming and outgoing traffic.
- Anti-virus security software is installed at both servers and workstations.
In short, Grace has implemented and enforced all possible protection measures so you can be confident that your data is in the best possible care.