Protecting Personal Information (PI) on business systems: Why it’s business-critical for Australian Companies

25.01.2023

In today’s digital age, companies collect, store, and process vast amounts of data, including personal information (PI) such as names, addresses, and financial information.

However, with the increasing number of data breaches and cyber-attacks, the protection of this sensitive information has become a business-critical issue for companies operating in Australia.

According to the Australian Information Commissioner, the first half of 2022 saw a 33% jump in large-scale data breaches. Over 40% of all Australians saw their data breached in that year.

And the financial impact of a data breach can be severe for companies. The average cost of a data breach in Australia in 2022 was $2.23 million (USD) per breach, including costs such as legal fees, loss of customers, and damage to reputation.

In addition, companies can face penalties for non-compliance with privacy laws, which can result in fines of up to $50 million, three times the value of any benefit obtained through the misuse of information, or 30% of a company’s adjusted turnover in the relevant period.

Furthermore, the ACSC notes that cybercriminals are increasingly targeting small and medium-sized businesses (SMEs) due to their perceived lack of cyber security measures. This highlights how important it is for SMEs to implement robust security measures to protect PI.

So, how can companies protect PI on their business systems? The ACSC recommends a multi-layered approach, which includes:

  • Conducting regular risk assessments to identify vulnerabilities and potential threats.
  • Implementing strong and unique passwords for all accounts.
  • Regularly patching and updating software and systems.
  • Training employees on cyber security best practices.
  • Investing in security software such as firewalls and anti-virus programs.
  • Having an incident response plan in place in the event of a breach.

For those businesses looking to conduct regular risk assessments, this might include implementing Data Loss Prevention (DLP). The challenge, however, is that this often does not account for pre-existing or acquired data – one of the reasons that Gartner’s Market Guide for Data Loss Prevention claims that a DLP is not enough to ensure your business is protected.

The other option is a manual scan of every existing data asset for PI, which for most businesses means thousands of pieces of data. This would mean accounting for everything from opinions about an individual, such as notes from a job interview, to the ABN details of a sole trader, photographs, tags in social media posts and more.

An alternative option is deploying software such as Frisk.

The software can be deployed to undertake a detailed audit of stored data to identify the location and categorisation of PI, and utilises advanced technology to:

  • Audit data across structured, semi-structured and unstructured formats, whole-of-enterprise.
  • Identify data such as passport and driver’s licence numbers via pattern and fuzzy matching.
  • Detect and refine detection of data that is not explicitly categorised as PI via a sophisticated context and vocabulary model that utilises Natural Language Processing (NLP) and Machine Learning.
  • Deploy in cloud, on-premise or in combination, with the ability to leverage embedded (legacy) technologies and in-house capabilities.
  • Seamlessly integrate with existing systems and provide an intuitive UX/UI.
  • Allow for installation and configuration without the need to customise, code or conduct arduous data migration strategies.

Protecting PI on business systems is business-critical for Australian companies. With the increasing number of data breaches and cyber-attacks, the financial and reputational impact of a breach can be severe.

If your business could have unprotected PI in its business systems, now is the time to protect it. Contact us, or schedule a no-obligation demonstration of what Frisk can do. After all, there are now more than 50 million reasons to do it.
