This week Qrious was awarded the international gold standard for privacy information management, ISO 27701 certification, in anticipation of Privacy Act changes in December.
This new certification was only recently created and builds on the information security standard, IS0 27001, achieved by Qrious last year. Where 27001 focused on security, ISO 27701 focuses on data privacy and is designed to ensure organisations have the robust processes and systems in place to manage and protect personal data.
According to Nathalie Morris, Qrious CEO, privacy concerns have never been more urgent “New Zealand organisations are at risk of being hit by the perfect data privacy storm. 2020 has seen an explosion in the use of digital platforms with approximately six years of digital transformation in the past six months. That means that Kiwi companies are collecting, storing and using more personally identifiable information than ever before - at the exact same time that the risk and sophistication of privacy breaches has never been greater.
“The Privacy Act comes into effect on 1 December and will shift the onus from the consumer onto any company handling private information. Organisations will need to ensure that they not only meet the requirements of the Act, but can demonstrate privacy protections to consumers, and establish early intervention and risk management plans to identify and manage any privacy issues or data breaches. Consumers are rightly seeking significantly more information and control about how their data will be processed and for what purpose, and the Act responds to these concerns. What were fines for non-compliance, will now carry criminal liability in some cases and mandatory breach notifications. Put simply, the stakes have never been higher,” she says.
Qrious was able to quickly complete the rigorous process for ISO data privacy accreditation and secured certification soon after it was released. According to Stephen Ponsford, Qrious CTO, this is reflective of the quality of the privacy policies and procedures Qrious already had in place and further proof that, as New Zealand’s market-leading data, analytics, AI and data-powered marketing business, Qrious’ number one priority is to keep our clients’ customer data safe and secure.
“Trust and verification of that trust is incredibly important to us. We want our clients to trust Qrious to protect their customer data - and with ISO certification they know that trust is well-placed because external, independent auditors have rigorously assessed us against international best practice,” he says.
According to Ponsford, because data security and privacy are intrinsically linked, ISO certification in both confirms Qrious’ position as industry leaders in this space. As such, Qrious wants to encourage the broader New Zealand data industry to aspire to the same level of data security and privacy maturity that Qrious has attained - with a focus on best practice, as opposed to mere compliance.
The good news for the industry, Ponsford says, is that Qrious is committed to using its learnings from the ISO process to assist other companies: ”It’s important to acknowledge that the perfect system doesn’t exist, but we can support clients to do everything in their power to avoid issues, stop breaches and, should they happen, manage those to the international gold standard. We know what best practice looks like, we understand the new rules and legislation and can assist our clients to comply. Qrious is here to help.”