July 2023
Purpose
Thirst Creative Pty Ltd recognises the importance of secure data handling, privacy protection, and reliable backup systems to safeguard sensitive and private data. This policy outlines our commitment to best practices in data management and backup procedures, ensuring compliance with Australian laws and regulations.
Scope
This policy applies to all employees, contractors, and third-party service providers of Thirst Creative Pty Ltd. It covers all private and sensitive data managed by Thirst Creative, including but not limited to client data, employee information, and proprietary business data.
Data Handling Procedures
Access Control: Access to sensitive and private data is strictly role-based and is managed through secure authentication systems. Thirst Creative utilises Google Drive for secure storage, with access controls set to ensure that only authorised personnel have access to specific data types based on their job function.
Third-Party Service Access: Access to third-party services, crucial for operational efficiency, is securely managed through 1Password. This includes secure storage of login credentials and sharing based on defined user roles and permissions.
Data Encryption: All sensitive data stored and transmitted by Thirst Creative is encrypted using industry-standard encryption protocols to protect against unauthorised access and data breaches.
Data Minimisation: Thirst Creative adopts a data minimisation approach, ensuring that only necessary data is collected and stored for the required duration, aligning with privacy laws and regulations.
Backup Procedures
Regular Backups: Thirst Creative conducts regular, automated backups of all critical data to secure, encrypted, off-site storage locations to ensure data recovery in the event of accidental deletion, corruption, or disaster.
Backup Testing: Regular testing of backup integrity and recovery procedures is conducted to ensure rapid restoration capabilities in the event of data loss.
Data Retention and Deletion: Consistent with legal requirements and industry best practices, Thirst Creative maintains a data retention schedule that outlines how long each data type is retained. Once the retention period expires, data is securely and permanently deleted.
Compliance and Review
Thirst Creative is committed to complying with the Australian Privacy Principles (APPs) and any relevant data protection legislation. This policy will be reviewed annually and updated as necessary to reflect changes in legal requirements, industry best practices, and operational procedures.
Responsibilities
Employees and Contractors are required to adhere strictly to this policy, ensuring the secure handling of data and compliance with defined backup procedures.
Management is responsible for enforcing this policy, conducting regular audits to ensure compliance, and overseeing the training of staff on data handling and backup procedures.
Discipline
Violations of this policy will result in disciplinary action, up to and including termination of employment or contracts, depending on the severity of the breach.
Policy Review and Amendments
This policy is subject to review annually or more frequently if significant changes in operations or regulations occur. Amendments will be made to ensure continued compliance with Australian laws and best practices in data handling and backup management.