We asked Blue Star DIRECT’s National Process & Compliance Manager, Leana El-Hourani a few questions about the team’s completion of the ADMA Data Pass Certificate and the company’s approach to privacy and data security.
Tell us about your role as National Process & Compliance Manager at Blue Star DIRECT?
I have been at Blue Star DIRECT for 3 years now, and in my current role as National Process & Compliance Manager, I support the business in our commitment to maintaining and complying with data security, privacy and quality, which includes our certifications, staff awareness and system controls.
Our purpose here at Blue Star DIRECT is to be able to give our clients the reassurance that they can trust us with their data in the generation of their multi-channel direct marketing communications. We pride ourselves in our ability to securely receive our customer’s data, cleanse and process it and produce meaningful correspondence which adds value.
I really enjoy my role as it gives me an opportunity to deal with all business units across all our three sites in Sydney, Melbourne and Brisbane.
What was the motivation for having Blue Star DIRECT complete the ADMA IQ Data Pass training?
Through our membership, I found out about the ADMA Data Pass training course. I had recently completed the ADMA Privacy and Marketing Compliance Training Course and was keen to bring a lot of this knowledge into the business.
Our Management Team feel it is our responsibility to educate and support our customers in understanding the obligations all businesses face complying with the Australian Privacy Act and how we do it at Blue Star DIRECT. For this reason we have committed to an ongoing education campaign of meeting our clients face to face, and talking to them about our data security and privacy controls.
It was important that the majority of our staff complete the training so that we could all ‘speak the same language’.
How was the Data Pass training received by staff? What were the after effects?
Dealing with data on a daily basis, the Data Pass training reinforced our knowledge and processes around our data management practices and helped us understand the why’s of some of them also. The ADMA Data Pass training not only focusses on traditional topics such as the handling, use and disclosure of information, but also touches on newer topics such as the recent Data Breach Notification requirements as well as electronic and online data handling. Our staff definitely found doing the Data Pass course good value.
What are your next steps in the area of compliance?
We would like to engage with our customers directly and help them implement tighter security controls around how they manage data, whether it’s through how they send it to us, what they send to us, and how long we keep it for. Understanding Data Pass helps us to ask the right questions to our customers. We are working on a checklist for them right now.
We also maintain our ISO 27001 standard in Information Security and conduct annual ISAE 3402 (SOC2) assessments to keep us honest! We have also undergone IRAP certification which is about government controls (ISM) which means we have even tighter security controls than what most businesses do.
We see data security, quality and privacy as an investment, we spend millions of dollars annually in accreditations to prove to our customers that protecting their data is paramount to our business and will continue to do so.
What are your primary concerns when it comes to data?
Worrying about our own data is one thing, but being responsible for the data of your clients is another. Because our core business relies on our ability to protect our customer’s data through the process of sending multi-channel communications, we have made this our business priority. We conduct Risk Assessments on a regular basis on our environment, people and processes to ensure that nothing is left to chance.
We want our clients to trust that we manage the confidentiality, integrity and availability of their data and our systems to the highest industry standards.
What other actions are you taking in educating the Blue Star DIRECT team on data?
Following on from ADMA Data Pass, we are currently working on using the great knowledge we’ve gained to send out weekly Security Tips to all staff to remind them of some of those interesting statistics, thought provokers and compliance requirements, as well as building our Integrity brand which incorporates all our Compliance Commitments – more details here: www.bluestardirect.com.au