Customer Data: Are you managing the risks to reap the rewards?
25 July 2024
Customer data presents businesses with substantial opportunities, but also comes with notable risks. Understanding your data and the obligations surrounding this asset class is key to unlocking the value it can bring. In today’s landscape, with competing schemes, and heightened scrutiny by governments and regulatory bodies, organisations face a raft of new and evolving legislation, regulation and guidance globally. There has never been a more critical time to understand your obligations, to ensure the secure and effective use of customer data.
Customer data is a significant asset used by many organisations to undertake market analysis, drive pricing strategies, improve the customer experience, target marketing and gather competitive intelligence. The breadth and extensive scope of customer data maintained by organisations means there is a wide range of regulatory obligations that must be taken into account when collecting, using, storing or disposing of data. Legislative mandates, such as the following, necessitate careful management of individuals’ information in different and competing ways:
Consider the retention of customer data – the current Privacy Act imposes a general obligation to destroy personal information an organisation no longer has a justifiable need to retain. However, other sources impose minimum retention periods for certain records. This intricate web of regulations highlights the challenges in compliantly collecting, using, storing, and disposing of customer data without a robust data governance and data risk management framework in place.
Regulators are increasingly expecting entities to demonstrate how they handle personal information. For example:
Understanding your obligations, data and related governance frameworks and processes is critical to mitigating regulatory risk and scrutiny.
In the wake of recent large scale data incidents, there is an increasing focus by the Australian public and regulators on how personal information and data related to individuals is collected, used, stored and protected. As a result of these concerns, the Commonwealth Government (and several States) are updating their legislation relating to the management of data, particularly the handling of personal information. The most salient example of this is the upcoming reforms to federal privacy legislation. These reforms will be a generational change in how personal information is collected, handled and secured, including how it is used to inform automated decision making processes that directly impact customers.
Read our previous articles in this series:
To learn about how Ashurst can support you to navigate the complex regulatory landscape, please contact us or visit our OMS webpage.
Authors: Morgan Spain, Partner; Chris Baker, Partner; Samantha Carroll, Partner; Sonia Haque-Vatcher, Partner; Leon Franklin, Director and Elizabeth Hristoforidis, Partner.
Carousel: clicking the "Previous" or "Next" button changes the content between the buttons.
25 Jul 2024
Discover more
07 Jun 2024
Discover more
09 May 2024
Discover more
05 Apr 2024
Discover more
To learn about how Ashurst can support you to navigate the complex regulatory landscape, please contact us or visit our OMS web page.
Discover moreThis publication is a joint publication from Ashurst Australia and Ashurst Risk Advisory Pty Ltd, which are part of the Ashurst Group.
The Ashurst Group comprises Ashurst LLP, Ashurst Australia and their respective affiliates (including independent local partnerships, companies or other entities) which are authorised to use the name "Ashurst" or describe themselves as being affiliated with Ashurst. Some members of the Ashurst Group are limited liability entities.
The services provided by Ashurst Risk Advisory Pty Ltd do not constitute legal services or legal advice, and are not provided by Australian legal practitioners in that capacity. The laws and regulations which govern the provision of legal services in the relevant jurisdiction do not apply to the provision of non-legal services.
For more information about the Ashurst Group, which Ashurst Group entity operates in a particular country and the services offered, please visit www.ashurst.com
This material is current as at 24 July 2024 but does not take into account any developments to the law after that date. It is not intended to be a comprehensive review of all developments in the law and in practice, or to cover all aspects of those referred to, and does not constitute legal advice. The information provided is general in nature, and does not take into account and is not intended to apply to any specific issues or circumstances. Readers should take independent legal advice. No part of this publication may be reproduced by any process without prior written permission from Ashurst. While we use reasonable skill and care in the preparation of this material, we accept no liability for use of and reliance upon it by any person.
The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
Readers should take legal advice before applying it to specific issues or transactions.