05 Jul Your responsibilities as a Data Subscriber
As a Data Subscriber, there are a number of key responsibilities that support the ongoing security, and confidence in the management of Grower data. Below are a few quick reminders of how you can ensure that you’re meeting your obligations as a Data Subscriber.
Grower-driven Consent
Did you know that when providing you with their NGR Card Number, this is the Grower providing consent for their data to be accessed, used and stored in your system.
It is important to remember that when a card is delisted, the consent to access and use the details also stops. In order to comply with this retraction of consent, it is vital to ensure your data management, security and privacy management processes are best-practice.
By working together, we can all ensure the best possible outcomes for ourselves, our systems and most importantly the Growers we service.
Authorised Users Roles + Access
Having an individual log in for each staff member that requires access is integral to the ongoing security of Grower Data and Privacy, and is a mandatory requirement within our Data Subscriber Terms. In addition to having access, ensuring those users have the right access is the next stage. We have three different Roles or ‘levels’ for users: Admin, Tech, Listing, and these can be initially assigned when adding the Authorised User, or changed by an Administrative Authorised User at any time.
What role or level does a user in your organisation need?
Admin Representative(s): responsible for the management of the Data Subscriber’s myNGR Listing users. This person agrees to regularly review the Data Subscriber’s business details, including the validity/currency of the Data Subscribers Listing users. All business-related correspondence for the Data Subscriber will be forwarded to the Administrative Representative.
Technical Representative(s): responsible for system integrations and technical support on behalf of the Data Subscriber.
Listing Representative(s): can list and delist Grower listings and download data files.
With no additional cost for the quantity of users on a Data Subscribers account, NGR encourages Admin Reps to ensure that any individual that requires access is added as a listing rep user before they access Grower details, and to ensure that there is no sharing of login credentials between users.
Ensuring all listings are up to date and still relevant
If you are not listed on a Grower’s NGR Card, you do not have the Grower’s consent to use their information. Therefore, the Grower’s information must be removed or anonymised from your system as soon as you delist the NGR Card from you Data Subscriber account. The NGR system can help to identify out of date NGR Cards by using the ‘Deregistered’ download file type, to identify those that are no longer registered.
Storing of Data
Data Subscribers utilising NGR data are required to comply with the Australian Privacy Principles and Privacy Act, and NGR’s Privacy Policy and Terms when storing sensitive data with regards to Growers. This includes compliance by Third Party Developers, and all data being stored on Australian Soil or where stored/accessed via an offshore location, the same Principles, Acts, Policies and Terms are adhered to.
For more information about your obligations as a Data Subscriber, please review our current Data Subscriber Terms here.
Data Breaches
Data Breaches can occur in a variety of ways, resulting in customer and business impacts. Whilst the OAIC’s criteria of what mandates a Notifiable Data Breach (NDB) is covered under the OAIC NDB scheme, under NGR’s Data Subscriber Terms, as soon as an authorised user knows or suspects of any unauthorised use or access of myNGR data, they are required to notify NGR immediately.
Want more information about aspects of this topic? Our team can be reached on 1800 556 630 or via emailing support@ngr.com.au.