Simply put, the costs for noncompliance could easily spell the end of many organisations and careers if they aren’t careful.
In 2016, the Australian government passed a bill called the Privacy Amendment (Notifiable Data Breaches) Bill 2016, which is designed to establish a mandatory data breach notification scheme in Australia. Under the new laws, if organisations that are subject to the Privacy Act incur an eligible data breach, they will need to alert the Privacy and Information Commissioner, as well as the people whose data has been compromised.
An eligible breach is defined as “unauthorised access, disclosure or loss of personal information held by the organisation and that access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates.” These can include breaches of information and secure storage through a malicious hack or through losing hard drives and documents accidentally.
The costs for not complying with these new laws are severe, with fines of up to $360,000 for individuals and $1.8 million for organisations.
Less severe penalties can include compensation payments and formal apologies, but the large penalties are reserved for when the Commissioner believes an organisation has repeatedly failed to comply or has a significant breach they’ve failed to address. So, how can you prepare your organisation to ensure that you aren’t caught short by a data breach?
The bottom line is that everyone involved in data security and risk governance needs to be aware of the tools and techniques that can be deployed to avoid a breach in the first place. That’s where Data Masking (Data Redaction) becomes an essential tool in your arsenal: it is the process of removing authentic sensitive data from the database and replacing it with alternate data that appears to be real but is not.
Your organisation may want to consider Data Masking for the following scenarios:
The development and testing of new software applications requires multiple developers, potentially located anywhere in the world, to be using actual data in testing prior to production versions. Data redaction is used here to enable the utilisation of real data structures, without the need to expose personal information.
It’s commonplace today to outsource a range of services to third parties for training, testing or development. These are often performed offshore. In this situation, Data Masking can enable these services to be delivered without exposing sensitive personal data to even authorised personnel.
Business analytics, such as standard business intelligence processes, is another case: business analysts, researchers, marketers, sales managers, CEOs/CFOs and others will typically aggregate data to analyse business metrics and forecasts. In this situation, Data Masking can enable the analysis to continue without the need for specific individual sensitive data to be exposed.
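To make the three scenarios above concrete, here is an added sketch of deterministic masking (an illustration written for this article, not Fujitsu's Data Masking feature). The column names, replacement pools, key and sample row are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed replacement pools; a real deployment would use far larger ones.
FIRST = ["Alex", "Sam", "Jordan", "Casey", "Riley", "Morgan", "Taylor", "Jamie"]
LAST = ["Nguyen", "Smith", "Kelly", "Brown", "Wilson", "Martin", "Lee", "Walker"]

def _digest(key: bytes, field: str, value: str) -> bytes:
    # Keyed hash: the same input always yields the same output, so joins
    # across tables still line up, but it cannot be recomputed without the key.
    return hmac.new(key, f"{field}:{value}".encode(), hashlib.sha256).digest()

def mask_name(value: str, key: bytes) -> str:
    d = _digest(key, "name", value)
    return f"{FIRST[d[0] % len(FIRST)]} {LAST[d[1] % len(LAST)]}"

def mask_email(value: str, key: bytes) -> str:
    d = _digest(key, "email", value.lower())
    return f"user_{d.hex()[:10]}@example.com"

def mask_phone(value: str, key: bytes) -> str:
    # Replace every digit but keep '+', spaces and dashes, so code that
    # validates the phone format still works against the masked copy.
    d = _digest(key, "phone", "".join(c for c in value if c.isdigit()))
    digits = iter(str(int.from_bytes(d, "big")).zfill(78))
    return "".join(next(digits) if c.isdigit() else c for c in value)

# Columns treated as personal information (assumed schema).
MASKERS = {"name": mask_name, "email": mask_email, "phone": mask_phone}

def mask_row(row: dict, key: bytes) -> dict:
    # Non-identifying columns pass through untouched so aggregates still work.
    return {c: MASKERS[c](v, key) if c in MASKERS else v for c, v in row.items()}

if __name__ == "__main__":
    key = b"constructed-demo-key"  # keep the real key out of the masked environment
    row = {"name": "Jane Citizen", "email": "jane.citizen@example.org",
           "phone": "+61 2 5550 0123", "postcode": "2000", "order_total": 149.95}
    print(mask_row(row, key))
```

Because the mapping is keyed and repeatable, the key has to stay with the production data owner: anyone holding it could re-derive masked values from guessed inputs.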
At Fujitsu PostgreSQL, we’ve been tracking these developments for the past two years and we’ve developed a range of solutions such as Data Masking for helping you to safeguard personal data within your database platforms. Please feel free to get in touch with us if you have any concerns about your systems and technology, and we’ll be only too happy to help you mitigate the risks for your business.
If you have data security concerns or are looking for a more robust, secure and scalable database, then contact one of our experts on +612 9452 9191.