Enter your details below to stay up-to-date with the latest IT solutions and security measures.
The update to the Privacy Act due in March 2020 brings with it mandatory breach disclosure for incidents that involve a reasonable amount of Personally Identifiable Information (PII) and fines for failure to do so.
This means it is probably time to review how you protect PII and how you would respond to a PII breach. Many organisations find it difficult to manage storage and access to PII and surveying organisational systems to identify PII can be a substantial undertaking. Alternatively, there are products in the market that can scan file stores and email archives for key words that might indicate PII. These tools can point you in the right direction, however still need human intervention to verify the results.
Once PII instances have been located, the following should occur:
- Classify all PII as confidential
- Mark for restricted access to ensure only valid usage
- Contain to a few specific systems and not be scattered around the organisation
- Role Based Access Control (RBAC) should be used to restrict individual’s access.
Data Loss Prevention (DLP) is certainly a solution that can greatly help in securing the PII and managing it going forward. Still assess what you have and where it resides is still a large piece of work and should be started now in time to be ready for March 2020.