Data Protection during a Pandemic.

“Health Service Providers” reported the highest number of data breaches of any type of organisation between January–June 2020.²

Although the focus of the OAIC’s recent advice is handling health-related personal information during the COVID emergency, it remains relevant to all categories of sensitive data.

The need for Data Protection

Data is gathered and stored to provide business and services, as well as to facilitate the operation of an organisation. E-commerce and information exchange over the web have created huge opportunities, and the importance of data protection has risen accordingly.

A lack of policy around handling personal data and the absence of sophisticated tools to monitor data breaches lead to wide-ranging uncertainty and risk, especially during a crisis like a pandemic. While organisations are increasingly becoming aware of their Data Protection obligations, individuals are increasingly becoming concerned about their Right to Privacy.

Which data is “Sensitive”?

Sensitive data is that which identifies an individual and hence should be gathered and used only with the consent of the individual. The organisation collecting such information is obliged to safeguard the data and prevent any misuse, which would otherwise amount to a breach of the individual’s “Right to Privacy”, resulting in compliance complications and reputational loss.

What is Data Protection?

Data protection encompasses the lawful usage, storage and processing of sensitive data in order to safeguard the integrity and sanctity of data privacy. Governments are increasingly enforcing regulations to protect PII (Personally Identifiable Information), PHI (Protected Health Information), and data involved in the Payment Card Industry (PCI), a need that is also driven by growing e-commerce and remote engagement.

Data Protection in Australia

The primary legislation governing the protection of an individual’s personal information is the Privacy Act 1988. States and territories also have their own statutory provisions. Such legislation applies to public as well as private bodies.

The Privacy Act 1988 outlines the privacy protection framework in the form of the Australian Privacy Principles. These principles govern standards, rights and obligations to enforce data protection, while allowing flexible, technology-neutral adoption of practices.³

The Global Context

The National Institute of Standards and Technology (NIST) provides a voluntary tool in the form of a Privacy Framework to encourage organisations to identify and manage privacy risks.

In the United States, the Health Insurance Portability and Accountability Act of 1996 governs health-related information of an individual across the healthcare and health insurance industries.

To ensure uniform enforcement of data protection laws, the European Union’s General Data Protection Regulation (GDPR) came into effect in 2018. Australian businesses are required to conform with GDPR if they have an establishment in the EU or provide goods and services to individuals in the EU.

A comprehensive list of privacy laws in different countries demonstrates the mounting requirements organisations face regarding data protection.

What constitutes PII and PHI?

According to NIST:

Any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.

This list is not exhaustive; rather, it is indicative of the pieces of information that could be used to either distinguish or trace an individual.

There are 18 HIPAA identifiers that are widely used to deliver services by healthcare providers, health insurance agencies and their business associates. The Privacy Act 1988 is largely the Australian counterpart to HIPAA.

Alex Solutions for Data Security

Data protection at enterprise scale is a daunting challenge that Alex can give you a major head start on.

Alex Data Lineage reveals the entire life-cycle of data within the organisation, including how it transforms and moves from place to place. The Lineage is entirely automated, scanning your systems and generating a detailed map at a high degree of completeness. One quick scan will have you on the way to reducing regulatory compliance risks. Sensitive data is growing at exponential rates during COVID-19. One of the world’s largest companies is currently leveraging our Lineage to report their entire dataflow — including all processing — to the regulator.

To complement end-to-end lineage, Alex can automatically scan your system to detect sensitive data, immediately identifying its location, access controls and history. Out of the box, Alex can detect sensitive data including but not limited to PII, PHI and PCI, across a wide range of both structured and unstructured data storage technologies.

The COVID pandemic has only accelerated the development of increasingly stringent and comprehensive regulatory obligations surrounding data privacy. Organisations should seize the opportunity to adopt highly automated, powerful software solutions that can rapidly transform their data protection program. If you’re looking to uplift the security of your organisation’s data, get in contact with our team to arrange an Alex demonstration addressing your specific needs today.

To find out more about how Alex Solutions can help your organisation, visit www.alexsolutions.com.au, or get in contact with us at contact@alexsolutions.com.au to book a demo today.

ALEX™ is a Metadata Management Solution designed to empower everyone to securely find, understand, protect, and use the world’s data.
