Privacy and compliance in data management.

Infolog was designed with input from multiple organisations, including people in senior management, privacy officers, and risk and assurance experts.

The Infolog Way focuses on organisational data management by design and by default. Our vision is to reduce risk while increasing the speed and value achieved by our customers.

To us, information management is the key component, not just selling information to users.

We accepted immediately that Infolog’s information services needed to be built around the real-world needs of clients.

Information is the lifeblood of the decision process in most business processes. We incorporated this into how we designed our systems and manage our data. Infolog clients enjoy the ability to easily visualise and control information across all business units. It’s a business advantage that enhances workflow and productivity.

The Portal has many in-built audit, privacy and compliance features which help protect both the user and the client organisation.

Full usage and reporting options providing detail at every level: organisation, group, cost centre, query type, file or user. These are all available and exportable to csv.

API usage is also captured in the audit trail.

The goal was simply to help them to do their job better. People want to make good decisions and feel satisfied with the work they do. Click to read our what our clients say.

Users appreciate the access to quality data and functionality which helps them do their job well.

The organisation enjoys increased productivity while being able to ensure that access is for ‘fit and proper purpose’ only.

Our customers enjoy reduced regulatory and business risk, while enhancing their productivity and reducing costs.

How Infolog can help you?

With Infolog, you can set up customised search pages for employees and work groups. They can then quickly find the information they need, without trawling through multiple screens and juggling different logins. The result: more efficient searches, lower costs, and a lot less time wasted. This customised set-up also protects you from one of your biggest risks – leaky data.

Using simple management tools, you can manage each group and the users within it, to control access to a range of information services.

Infolog also provides a complete audit trail, so you can see who has accessed all data.

This is a vital tool that can help you manage compliance and meet legal requirements for privacy.

With a single view of information across all business units, you can identify best practice and build smarter business processes

Why does this matter?

The current New Zealand Privacy Act is being rewritten. Infolog believes the updated Act will contain much stronger direction on the basics of Data Collection, Access, Use, and Control. Reporting data access breeches will also likely become mandatory.

The penalties for not managing these requirements, and getting it wrong, are also likely to increase. Liability and penalties will be directed at the organisation and managers.

Although our new Privacy Act still in submission stage the Privacy Commissioner’s Submission on the Privacy Bill (posted on Friday 01/06/2018) give very clear indication that Organisations will need to show how they ‘actively manage information’. Or as they put it;

  • Enhanced agency accountability for compliance on the steps they have taken, or propose to take to ensure compliance with their privacy obligations.
  • Proactively identify and address systemic compliance issues in the absence of a specific breach or incident.
  • The Commissioner may, at any time, require an agency to report to the Commissioner in writing, as the Commissioner may reasonably require, on the steps the agency has taken or proposes to take to ensure its ongoing compliance with the Act.

You need to consider what information you are accessing, and any compliance requirements for accessing that particular data source. The Infolog Portal has many in-built features to help you with this.

The EU’s new General Data Protection Regulation (GDPR) came into force on 25 May 2018.

GDPR imposes new rules on organisations in the European Union (EU) and those that offer products and services to the people in the EU, or those that collect and analyse data to EU citizens, no matter where they are located. That means companies outside of the EU could also be affected.

GDPR does not require foreign national governments to pass any enabling legislation and so it is directly binding and applicable.

Any organisation that doesn’t comply can face a fine up to 20 million Euros or 4% of their global annual turnover – whichever is highest.

The stated purpose of GDPR is to give control of the information businesses hold on individuals back to those individuals. It also sets higher standards in transparency, accountability, and record-keeping. Organisations will need to be more transparent about how they handle personal data, while also actively maintaining documentation and defining processes around the use of personal data.

For some guidance we suggest the following factsheet provided to Asia Pacific Privacy Authorities (APPA). These documents are on the New Zealand Privacy Commission site.

 

New Zealand Trade and Enterprise have also prepared a useful guide on the principles of GDPR.