Communicating Professionally

Submitted by sylvia.wong@up… on Tue, 07/26/2022 - 19:09

We may know what we need to communicate, but we need to make sure that we communicate and present information professionally whilst at the same making sure that we are compliant with the organisations' policies and procedures. 

In this chapter, we will look at how to do just that. 

By the end of this chapter, you will understand: 

  • What information is confidential and why 
  • How to handle confidential information 
  • The fundamentals of Australian Privacy Rights
  • Organisational policies and procedures 
  • Ethics in communication.
Sub Topics

It is important that you understand the requirements for how we handle, store and share information that is considered confidential. For any organisation, policies that set the standard for keeping information confidential are important. Information needs to be managed within the workplace and may be subject to confidentiality based on such policies. 

  • Privacy: This refers to the right of individuals to have some sort of control over how their personal information is collected, used and shared.
  • Confidentiality: It is our duty to keep personal and restricted information secret.

Respecting the privacy rights of a client involves: 

  1. Establishing and respecting professional boundaries 
  2. Ensuring that you are clear about the information that should be both respected and treated as confidential 
  3. Keep notes separate from relevant individuals 

The workplace should have a confidentiality agreement to ensure that a customer’s personal information is only shared with appropriate personnel or where they give consent. Personal Identifiable Information (PII) Personal Identifiable Information is commonly defined as any data that can be used to identify a specific person. This information can be sensitive information or non-sensitive information. Sensitive information is information that, when shared with an unauthorised party or one that is not protected properly, could cause harm to an individual. A common example is identity theft. Personal Identifiable Information includes: 

  1. Names 
  2. Addresses 
  3. Emails 
  4. Birthdates 
  5. Medical records 
  6. Credit card numbers 
  7. Financial statements 
  8. Passport numbers 
  9. Social security numbers 
  10. Drivers licenses 
  11. Vehicle plate numbers 
  12. Biometric data such as handwriting, fingerprints and photographs 
A young professional using multiple devices in an office

Classification of Information  

As we discussed earlier, Personal Identifiable Information can be sensitive or non-sensitive. An organisation’s best practice when handling information is to classify information into three separate categories:

  • Public data
  • Private data
  • Restricted data

Let us take a closer look at each classification.

Public Data  

Accessible to the public. There is no level of protection for this information.

Examples include:

  • Data found in newspapers
  • Public records
  • Telephone directories
  • Business directories
  • Social media platforms
  • Websites
Private Data

Secondary information is not accessible to the public without consent or provided directly by the subject. Requires a moderate level of protection.

Examples include:

  • Date-of-birth
  • Home address
  • Phone number
Restricted Data

Highly restricted information and is not accessible to the public. Requires the highest levels of protection. Examples include: 

  • Social security numbers
  • Credit card details
  • Medical information, etc.

Sets of data should be categorised according to the highest level of data that is accompanying the data set. 

Note: A set of data that includes an individual’s name, date of birth, workplace and social security number should be classified as restricted since the social security number falls in the restricted data classification.

Handling Information  

Every organisation will have its own process and stages regarding handling information, from collecting information to the time it is not needed and disposing of it. 

A diagram explaining handling information

This process includes: 

Collect, Create and Receive   

  • Define the data and source 
  • Determine the required data and how it will be collected 
  • Receive and interpret the data and transform it into information 
  • Follow the correct practice when collecting personal information 

Organise and Store 

  • Determine the format. How will the data be represented in the information system? 
  • Categorise the info so that it is easily understood 
  • Store the information in an appropriate location, such as shared drives, intranet or other secured company databases 
  • Follow security guidelines for storing information 

Use and Share

  • Send and receive information through channels and formats. This should be appropriate to the message, purpose, and user needs. 
  • Follow legal and organisational requirements for using, maintaining and sharing information. 
  • Protect and restrict access to personal, confidential and classified information.

Dispose 

  • Dispose of information that is no longer required for legal, business or operational purposes 
  • Destroy any confidential information 
  • Archive info as needed

Note: Any document that contains customer information, such as name, address, contact information, social security numbers, etc., must be destroyed properly into a shredder or a secured shred bin.

Australian Privacy Rights   

Laws and regulations that have been created by government bodies outline how organisations will protect the confidentiality of information. The Office of the Australian Information Commissioner outlines the Australian Privacy Principles (APP) that apply to any organisation or agency that the Privacy Act (1988) covers. There are 13 Australian Privacy Principles, and they govern the standards, rights and obligations around (OAIC, 1988): 

  1. The collection, use and disclosure of personal information 
  2. An organisation or agency’s governance and accountability
  3. Integrity and correction of personal information 
  4. The rights of individuals to access their personal information

The list below is a quick reference guide to the Australian Privacy Principles. It references each privacy principle and what it covers. 

A Summary of Australian Privacy Principles  

  1. Open and transparent management of personal information Ensures that APP entities manage personal information in an open and transparent way. This includes having a clearly expressed and up-to-date APP privacy policy. 
  2. Anonymity and pseudonymity require APP entities to give individuals the option of not identifying themselves or of using a pseudonym. Limited exceptions apply. 
  3. Collection of solicited personal information Outlines when an APP entity can collect personal information that is solicited. It applies higher standards to the collection of ‘sensitive’ information. 
  4. Dealing with unsolicited personal information Outlines how APP entities must deal with unsolicited personal information. 
  5. Notification of the collection of personal information Outlines when and under what circumstances an APP entity that collects personal information must notify an individual of certain matters. 
  6. Use or disclosure of personal information Outlines the circumstances in which an APP entity may use or disclose personal information that it holds. 
  7. Direct marketing An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met. 
  8. Cross-border disclosure of personal information Outlines the steps an APP entity must take to protect personal information before it is disclosed overseas. 
  9. Adoption, use or disclosure of government-related identifiers Outlines the limited circumstances when an organisation may adopt a government-related identifier of an individual as its own identifier or use or disclose a government-related identifier of an individual. 
  10. Quality of personal information An APP entity must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. 
  11. Security of personal information An APP entity must take reasonable steps to protect the personal information it holds from misuse, interference and loss and from unauthorised access, modification or disclosure. An entity has obligations to destroy or de-identify personal information in certain circumstances. 
  12. Access to personal information Outlines an APP entity’s obligations when an individual requests to be given access to personal information held about them by the entity. This includes a requirement to provide access unless a specific exception applies. 
  13. Correction of personal information Outlines an APP entity’s obligations in relation to correcting the personal information it holds about individuals. 
Resource  

Australian Privacy Principles quick reference  18

Since the APP is a principle-based law and it gives us the flexibility to tailor our information handling practices to our specific business models and the diverse needs of individuals. A breach of an Australian privacy principle is a direct interference with the privacy of an individual and can lead to regulatory action and penalties. 

Note: Our main goal is to protect the privacy of the individuals we serve and to hold a good reputation in doing so.

Data Classification  

Complete the following activity making sure to keep notes for your future reference, as this information will support you in your assessment and professional practice. 

In your own work document or workspace, Create a table like this one:

Public Data Private Data Restricted Data
     
     
     

Review the data sets in this section and categorise them to their correct data classification. Are they public Data, Private Data OR Restricted Data? 

  • First name, last name, zip code and date of birth
  • Financial records
  • Place of business
  • First name, last name and social security number
  • First name and last name
  • First name, last name and date of birth
  • Credit card numbers
  • Zip code
  • Date of birth
  • Business phone number
  • First name, last name and email address
  • First name, last name, business phone number and personal email address
A manager reading a company policy document

Within an organisation, the policy outlines the principles of what will be done. The policy document states the principles behind the organisation's views on specific subjects. For example, the organisation's vision sets the overall culture; then the specific policies build on that for a specific area. An organisation may have a privacy policy and document management policy, and so on, yet both will relate to the organisation's vision.

Procedures are related to a policy. They set out how the organisation wants things done, generally concerning a policy area. For example, a machine's Safe Operating Procedure (SOP) will relate to the Safety Policy. There may be a procedure on how the organisation manages its paper waste and a separate one for liquid waste – each of these procedures will relate to the Sustainability/Environment policy.

Policies and procedures are generally set, so everyone knows what they are. Often the organisation has a system to store these documents (such as electronically on an intranet or hard copies in a folder held locally) and also a system to check that the documents are current and valid. They are often reviewed regularly (annually in most cases); new policies/procedures follow the same format as all others within the organisation.

Procedures formats can vary from wordy documents that explain the procedure to graphical documents using flow charts and diagrams to explain what needs to be done. A Safe (or Standard) Operating Procedure (SOP) is also a procedure.

How each organisation formats such documents also varies, as does the terminology with the document. Some may talk about 'Goals' and 'Objectives'; others may view these as the same thing. However, most organisations have accepted templates for developing policies and procedures. The critical aspects are that:

The document is 'fit for purpose', that is, suited to what and who it's designed for. So, for example, it may be best to create a flow chart to explain the number of steps that must be taken instead of words.

The document meets the organisation's requirements. In many cases, the documents will become part of the way things are done and are therefore subject to audit and review requirements of the organisation. If tools and templates are available, these should be used. (If the current tools and templates are unsuitable, then the due process needs to be completed to add the new template to those available).

Policies and procedures may be separate documents, but they are also interlinked. For example, the organisation may commit to addressing environmental issues; part of this may be developing suitable policies and related procedures. Alternatively, the policy may have been developed at a higher level, and as part of its implementation, the relevant procedures must be developed and circulated. 

Examples of policies and procedures affecting communications may include:

Communication Policy and Procedures  

Stipulates the channels of communication for use in the organisation, determines their intended purpose, and the roles and responsibilities of staff in accessing and using them.

  • Acceptable use of Communication channels 
  • Communication Objectives
  • Communication Channels
  • Communicating Confidential information 
  • Compliance with policy
  • Meeting Etiquette and process.
  • Non-acceptable use of Communication channels
  • Use of email
  • Use of Intranet
Confidentiality Policy and Procedures  

Ensures confidentiality is maintained concerning both organisational and client information where necessary. Can relate to:

  • The definition and nature of confidential information
  • Defining the roles of people handling confidential information.
  • Collection of confidential information
  • Access to confidential information
  • Disclosure of confidential information.
A close view of a person typing
Document Management Policy and Procedures  

Defines the organisation's approach to developing, reviewing, naming and controlling all documents, including tools, forms, resources, policies and procedures. Can include: 

  • Document Storage and Development
  • Document Development and Reviews
  • Document Approval
  • Document Development
  • Document Approval
  • Document Storage
  • Saving Approved Versions
  • Version Control
Privacy Policy and Procedures  

Designed to ensure that the organisation collects, stores, and secures personal information it holds on individuals meets the legal requirements of the Australia Privacy Act 1988 and its associated Australian Privacy Principles:

  1. Open and transparent management of personal information
  2. Anonymity and pseudonymity
  3. Collection of solicited personal information
  4. Dealing with unsolicited personal information
  5. Notification of the collection of personal information
  6. Use or disclosure of personal information
  7. Direct marketing
  8. Cross-border disclosure of personal information
  9. Adoption, use or disclosure of government-related identifiers
  10. Quality of personal information
  11. Security of personal information
  12. Access to personal information
  13. Correction of personal information.
    Can relate to:
    • Access to and correction of records
    • Amendment to records
    • Collection of information
    • Complaints about privacy
    • Disclosure of information
    • Email marketing
    • Storage and use of information
    • Privacy notices
    • Request to access records
Information Technology Policy and Procedures   

Defines how an organisation's computers, information and technology are used. This policy ensures that emails, internet usage and other electronic communication are properly used at all times and that the organisation is protected from actions of fraud, error, defamation, discrimination, harassment and privacy violation. Can relate to:

  • Acceptable use of systems 
  • Accessing cloud-based storage systems
  • Accessing software programs 
  • Computer login and accessing the computer system
  • Confidential information 
  • Compliance with policy
  • Email use and access 
  • Liability 
  • Monitoring 
  • Non-acceptable use of systems 
  • Resolving equipment faults
  • Storage of information 
More examples 

For more information about policies and procedures and example documents and templates you can use, visit the website of the fictional company CBSA (Complete Business Solutions Australia). CBSA is a simulated online business that supports you to become workplace-ready. 

Organisations need to address privacy on various different levels, from handling employee data to the use of mobile devices and the treatment of customer information. Having the right policies in place can make all the difference. In this section, we will review tips for creating policies for your organisation.

Developing Policies   

Creating a privacy policy should be a simple process. If the information is too complicated, it may lead to misinterpretation of the information, and that is the last thing you want when dealing with policies and regulations.

You will want to be sure to:

Make the policy easy to read, understand and easy to locate on your organisation’s website. Your customers need to be able to trust you, so being transparent and making the policy accessible puts your customers at ease when they are asked to provide their information.

Train your employees on the information that is in your privacy policy. Customers may have concerns or questions on how your organisation utilizes their information, so be as inclusive as possible about the information policies your organization has in place.

In addition to your customers, be sure that you share your privacy policy with your stakeholders, policymakers and investors. They should all be certain that they are in charge of their personal information. Evaluate and Update Policy.

Things are constantly changing around us, so it is important to keep up with current events and technology and to ensure that the policy is relevant to any changes you make in your regular business practices and legal requirements. Be sure to disclose to your customers when such changes have been made and provide them with updated documents.

Ensure that your policy is compliant, but also make sure that it makes sense. The language in your policy should be consumer-friendly and written for an individual who is not a lawyer or expert in the field of law (for example, do not use legal jargon, acronyms or other unusual wording).

While policies regarding confidentiality and privacy are likely to be similar between organisations, each workplace may differ in its approach to meetings, negotiations and presentations. Keep in mind that while privacy and confidentiality policies are relevant in these settings, there may be additional policies or procedures in place as well. Below are some examples of items that may be present in meetings, negotiations or presentation policies: 

  • Team leaders to chair and conduct negotiations 
  • Which employee or director is to chair formal meetings 
  • Presentations to important clients to be conducted by team leaders
  • Relevant department heads to be present in supplier negotiations, meetings and visits

Additionally, an organisation may include some of the following items in these policies to encourage participation and professional growth:

  • Regular team sales meetings are chaired by a different person each week
  • Monthly presentations showcasing each department’s wins
  • Junior team members to be present during negotiations and de-brief with their managers afterwards

Think

What policies relating to meetings, presentations, or negotiations have you worked with previously? Have they been helpful in setting expectations for these events?

Case Study Jillian

A young professional working on a tablet device in a modern office

Jillian works for an insurance company handling customer accounts.

Every week Jillian is required to take all of the paper applications that customers have completed with their personal information and enter the customer data into the secure database before disposing of the paper documents.

This week Jillian is going out of town in the morning and wants to get home early to finish packing for her trip.

After she finishes entering customer information into the company database, she takes all of the paper applications and throws them in the trash can.

Jillian is glad she got her work done in such record time; she can now get home and finish her packing for her trip.

Answer the following questions n your own work document or workspace for your future reference, as this information will support you in your assessment and professional practice. 

  1. Was this the proper way to dispose of the documents?
  2. What process should have been followed?

When it comes to communication, ethics enhances credibility and improves the decision-making process, which also allows us to communicate with a basic understanding of what is expected in the workplace. The same level of understanding in ethics applies to all forms of communication, including verbal, written and digital. 

Codes of ethics are important in any organisation. They benefit both the workplace and individuals by:

  • Reinforcing the organisation’s standard of conduct
  • Reminding staff of ethical issues and correct
  • standards
  • Identifying practices that are and are not allowed
  • Allowing leaders, managers and others to share
  • Experiences and ideas about what is and is not an
  • Ethical position
  • Developing a shared culture based on ethics and
  • Accountability

Stakeholder Mapping  

As a manager, you may need to deal with external and internal stakeholders.

  • Internal stakeholders are usually those that are within the business, such as employees and managers
  • External stakeholders exist directly outside of the business, and they are not affiliated with the business

Stakeholder mapping allows you to identify key individuals and target groups to then meet the objectives of the company. As a manager, you will need to present various types of information. It is important to recognise your stakeholders to then know the most appropriate way(s) to present this information. 

A diagram showing stakeholder types

The following types of stakeholders are included below:

  • Apathetic Stakeholders: Have low interest and low power and should be monitored by the project manager. 
  • Latent Stakeholders: Have low interest but high power; they are those who need to be satisfied by the outcome of the project. 
  • Defender Stakeholders: Have high interest and low power; they are individuals that support the project.
  • Promoter Stakeholders: Have high interest and high power; they have the capacity to promote the project, such as marketers.

External Stakeholders   

Use your own organisation or an organisation that you would be interested in working for, and think about who their external stakeholders might be. 

In your own work document or workspace, keep notes for your future reference, as this information will support you in your assessment and professional practice. 

List five external stakeholders of the organisation you are interested in.

Use the following questions to check your knowledge.

Module Linking
Main Topic Image
A group of designers discussing a project
Is Study Guide?
Off
Is Assessment Consultation?
Off