InfoSure Sensitive Data Governance Service

How are you managing your Sensitive Data Estate ?

Are your information assets susceptible to potential access, and do you have a remediation strategy in place to address possible data breaches?  Regular reviews and remediation should be part of an organisation’s data risk management plan.

WHAT SETS US APART

InfoCentric has extensive experience working in complex, high volume data environments to establish data governance best practices. We have a unique combination of data governance expertise coupled with specialist technology to assist in managing structured and unstructured sensitive (PII) data.

This enables us to use our specialist skills and capabilities to offer a unique service designed to assess your information risk, with particular emphasis on your retention and management of sensitive data, scanning and assessing your data assets, and providing remediation services to assist internal customer teams to pro-actively address data exposures.

KEY CHALLENGES

At InfoCentric, we are convinced that there are going to be increasing data breaches in the next few years.  The volume of data is growing exponentially  as new data types evolve from AI and ML use cases.  The challenge is that its very hard to enforce information policies and standards across an organisation, so the problem is growing silently every year.

Privacy laws are further compounding the challenge of managing sensitive PII data, as penalties and fines are being increased by regulatory and compliance agencies.

The Office of the Australian information Commissioner (OAIC) has more information relating to penalties and fines to Australian companies from notifiable breaches.

  1. Evolving compliance requirements – The landscape of regulatory standards, such as Privacy Act 1988 (Cth) or APRA Standard CPS234 / 235 can be complex to manage. In 2022, penalties for repeated or serious privacy breaches in AU were increased significantly.
  2. Growing prevalence of data breaches – Data breaches are on the rise, with increasing numbers of large organisations across industries falling victim to large-scale cyber attacks. Tactics are constantly evolving, with multi-layered defences required.
  3. Real-world impacts of data breaches – Breached data can be used for identity theft, phishing scams, domestic violence, and more. Information available to those with malicious intent is hard to stop and can lead to serious harm.
  4. Internal risk and audit capability – Internal audits and risk assessments may have difficulty managing the scope and breadth of information management. However, unmanaged sensitive PII information can present an intolerable risk.

OUR KEY PRINCIPLES

InfoCentric has adapted our Information Management Framework and created our Information Assurance Model that guides a customer through an end to end set of activities for assessing your structured and unstructured information assets, establishing standards, policies and business rules, and then the critical process of guiding the customer through the assessment, review and remediation activities. Real time dashboard reporting provides critical information for executive and operational consumption and a collaboration environment provides a change management platform for end users to treat files.

INFOSURE – SENSITIVE DATA GOVERNANCE SERVICE

InfoCentric’s InfoSure Sensitive Data Governance Service identifies structured and unstructured sensitive PII data across multiple repositories. Scan selected high-risk environments, such as core business systems, network and cloud drives. Identify sensitive information within unstructured files, with configurable options based on your specific business rules.

For example, scan for the following attributes: Name, Address, Phone, Medicare, Drivers License, Email, Passport, Credit Card, Tax File, Gender, Date of Birth; and other critical data elements that drive your business.

InfoCentric’s InfoSure service ensures a thorough clean-up and ongoing assurance process:

  1. Develop a remediation approach based on existing risk, security and records frameworks, including pragmatic and concise stakeholder education
  2. Provide findings and insights to each team regarding how to treat/remediate files – for example prioritising high-risk files that have not been accessed for significant periods
  3. Support each team with advice and quality assurance, and an easy to use collaboration environment based on Microsoft Teams
  4. Conduct an audit post remediation to provide assurance, identify remaining risk and input into strategic findings report.

BENEFITS

  1. Drastically reduce information risk by actively disposing of, or moving to manage files containing high-risk sensitive information.
  2. Make compliance easier by defining an appropriate set of consumable criteria for managing sensitive information
  3. Educate staff using ‘real life’ examples of unmanaged sensitive information (results of scan)
  4. Ensure ongoing compliance through more mature processes and annual audits.
  5. In the event of a data breach, use InfoSure to quickly identify and remediate your risk, protecting your organisations reputation.

Learn More:

Strategy & Advisory Service

Managing the risk of a data breach for a major retailer

Sensitive Data Scanning: Why is it important?

Our Information Management Maturity Assessment: The Basics

Avoiding a data breach at your company

Reduce your reputational risk – contact us today for a confidential discussion
GET IN TOUCH