Personal Information (PI) detection
2022 will be remembered as a year where millions of Australians grew increasingly aware of the impact that the storage and under-protection of Personal Information (PI) can have.
The first half of 2022 saw a 33% jump in large-scale data breaches according to the Office of the Australian Information Commissioner (OAIC)[1]. These were breaches that involved the data of more than 5000 Australians.
The latter part of 2022 saw two of the worst data breaches in Australian history, with hackers stealing (and in some cases, releasing) the PI of millions of Australians. The Medibank crisis alone exposed personally identifiable health records of nearly 40% of the Australian population[2], with the Optus hack expected to cost the business $140 million[3].
More recently in March 2023, Latitude, the Australian personal loan and financial service provider, was affected by a data breach that impacted over 14 million people from Australia and New Zealand and cost the company $76 million.[4] These are just a few of the many recent high-profile cyber attacks on major Australian companies.
Is your business unknowingly storing PI?
The definition of PI is cloudy, and to make things even more complicated, PI can be stored in a variety of formats – scanned forms or notes, digital documents (PDFs, forms, presentations), photos and videos, chat bots and more. These are the tools that almost every person in a business utilises on a daily basis.
And with an estimated 80-90% of all data existing in an unstructured, more-difficult-to-navigate format[5], it’s imperative for every business to have a solution that caters to this unstructured world.
To help achieve this, some organisations have implemented Data Loss Prevention (DLP), although this often does not account for pre-existing or acquired data, and some data will sneak through, as it does with any perimeter barrier. This is just one of the reasons that Gartner’s Market Guide for Data Loss Prevention[6] claims that DLP is not enough to ensure your business is protected.
Frisk locates PI lurking in business systems with PI Insights
To reduce the risk of a privacy breach, organisations can manually scan every data entry and asset for PI, or deploy indexing technology to do the work for them.
That’s where Frisk PI Insights can help. The software can be deployed to undertake a detailed audit of stored data to identify the location and categorisation of PI, and utilises advanced technology to:
- Audit data across structured, semi-structured and unstructured formats, whole-of-enterprise.
- Identify data such as passport and driver’s licence numbers via pattern and fuzzy matching.
- Detect, and refine the detection of, data that is not explicitly categorised as PI via a sophisticated context and vocabulary model that utilises Natural Language Processing (NLP) and Machine Learning.
- Deploy in cloud, on-premise or in combination, with the ability to leverage embedded (legacy) technologies and in-house capabilities.
- Integrate seamlessly with existing systems, with an intuitive UX/UI.
- Allow for installation and configuration without the need to customise, code or conduct arduous data migration strategies.
Can you afford not to explore Frisk PI Insights?
The end of 2022 saw increased penalties for serious and/or repeated privacy breaches. The Privacy Legislation Amendment increased the maximum penalties to whichever is the greater of[7]:
- $50 million;
- Three times the value of any benefit obtained through the misuse of information; or
- 30 per cent of a company’s adjusted turnover in the relevant period.
This penalty also doesn’t take into consideration costs to the business such as reputation damage, lost customers, decline in business value etc.
In fact, the average cost of a data breach in Australia in 2022 was $2.23 million USD per breach, set to rise with the new penalties in place. And for 83% of companies, it’s not if a data breach will happen, but when. Usually more than once[8].
Contact us today to find out more about how Frisk can help detect PI, and help your business get ahead of hackers.
References:
[1] Office of the Australian Information Commissioner. (2022) OAIC data breach report shows key privacy risks. (Accessed: 10 Jan 2023)
[2] de Kretser, A. (2022) Medibank rules out ransom as breach hits 9.7 million. (Accessed: 9 Jan 2023)
[3] Samios, Z. (2022) Optus hack to cost at least $140 million. (Accessed: 9 Jan 2023)
[4] ACS Information Age. (2023) Data Breach Cost Latitude $76 Million. (Accessed: 9 Feb 2024)
[5] Rizkallah, J. (2017) The Big (Unstructured) Data Problem. (Accessed: 10 Jan 2023)
[6] Gartner. (2021) Market Guide For Data Loss Prevention. (Accessed: 9 Jan 2023)
[7] The Hon Mark Dreyfus KC MP. (2022) Parliament approves Government’s privacy penalty bill. (Accessed: 9 Jan 2023)
[8] IBM Security. (2022) Cost of a Data Breach Report 2022. (Accessed: 10 Jan 2023)