Have you considered how your audio files and documents are handled and where they end up, or even whether there are copies made? Audio files and documents that often involve very sensitive client data. With the recent prominent hacks like Medicare, Woolworths and Optus it should serve as a strong reminder of security principles. The Hackers Inc Four Corners episode showed how endemic and structured corporate targeted hacking has become.
For some time Australia has had good legal framework for data protection. While Australian organisations need to beef up their security practices, the Australian Government has good legal policies, frameworks and data requirements for protection. Since 2018 we have had the Notifiable Data Breaches scheme which requires medium and large organisations to notify affected individuals, as well as the Office of the Australian Information Commissioner (OAIC), of serious data breaches. Should a breach occur an organisation will likely need to demonstrate how their practices complied with Australian Privacy Act and its 13 Australian Privacy Principles, which can feel onerous. One of the easiest measures an organisation can take is to simply ensure your data is always held within Australian jurisdiction because as soon as you hold or send your data off-shore it becomes your responsibility to perform due diligence and ensure those entities are meeting these standards. If providers are even aware of the Australian Privacy Act do they then use secondary service providers? Where are their backup servers located and what are their data retention periods? What laws apply where the data is held in that jurisdiction? Could it even breach Australian legislation? What staff access levels are given? Do they have remote workers or subcontractors located in yet more legal jurisdictions? It starts to feel endless. So is there an easy solution? The biggest and also easiest factor any company can do to reduce their risk of non-compliance with Australian requirements is rather simple, ensure you keep your data in Australia 100% of the time. Keeping it inside Australia put the onus back on the service provider. I get the appeal of saving some money using cheaper off-shore providers but those savings come with some significant risks. Now if you are not dealing with any personal or sensitive data, like just needing a public podcast transcribed, then of course, knock your socks off and use cheap providers as long as their quality is acceptable. Our other service provision, scribeout.com offers a cheaper off-shore solution for times like this. But when security and accuracy does matter, then keep it in Australia. OutScribe has always adhered to this practice and have only ever used Australian based workers.
|