CaptureIT launches data breach remediation service

Is your organisation curious about the impact of Australia’s Notifiable Data Breaches (NDB) scheme? Australian image scanning bureau CaptureIT has launched a new specialised offering designed to put those concerns to rest by offering a comprehensive framework for managing and reporting on the entire data and content lifecycle of relevant personal and enterprise information.

Under Australia's notifiable data breaches scheme, companies or government agencies must reveal a breach if the data includes personal information that is likely to result in serious harm. Since it came into effect on February 2, 2018, there are have already been 63 notified breaches of the NDB scheme according to The Office of the Australian Information Commissioner (OAIC).

This includes the Australian arm of Danish shipping company Svitzer, part of the Maersk Group, which suffered a significant data breach last year involving email theft that affected almost half its 1,000 Australian employees.

“There is no silver-bullet technology solution for NDB compliance,” said Glenn Smith, Managing Director at CaptureIT – Global.

“Instead, NDB compliance requires a mix of technology, policy and workflow that incorporates a deep understanding of the regulations. Our NDB services provide the technical know-how and change management best practices to address these new requirements.”

Smith recommends the focus for an organisation must remain clearly on the protection of personal data and the ability to demonstrate all reasonable steps have been taken to detect and manage any incursion or breach. Organisations should undertake an initial risk assessment and be prepared to deal with a breach of personal data should it occur.

“To minimise the risk of any privacy breach, organisations should consider the option of digitising all possible content immediately it is received and process within secure applications as quickly as possible. It should be noted that physical documents present the highest risk with regard to the NDB privacy detection process,” said Smith.

Solutions that securely manage data and content from creation to disposal are an essential component of an effective and demonstrable strategy to manage the obligations and governance responsibilities arising from the new Privacy laws.

The key components of the CaptureIT solution include the Smart Capture platform from Ephesoft, along with a range of content management applications offered as a managed service in-house or in a secure cloud environment based in Australia. The solution will additionally enable organisations to identify information as it is ingested through daily activity, and generate reports as required, whilst maintaining the content in a secure manner.

CaptureIT recommends that access to digital content should be controlled by user and group profiles limiting access to defined content on the basis of agreed roles and responsibilities. Where content is particularly sensitive then solutions that enable security marks should be selected. This combination minimises the potential for personnel to carry out any privacy breach reportable action. Secure APIs ensure information transferred to other legacy applications is controlled and traceable.

Another essential component relates to the creation of audit trails recording all access and actions undertaken by users, including unauthorised attempts to access content from both internal and external sources.

The content management application should be configured to report potential audit breaches as quickly as possible to enable management action and reporting. Audit trails should provide extensive details of the areas and actions undertaken by a user and provide the substantive record for reporting of privacy breaches and the extent of impact, should they occur.

For further information on the Notifiable Data Breaches (NDB) solution, or to discuss how you can protect private information and mitigate a potentially large risk and financial penalty, contact CaptureIT on (02) 6040 9325.