Compliance to privacy act and mandatory data breach reporting for corporates

Ensuring Compliance to Privacy Act and
Mandatory Data Breach Reporting
Total visibility and control of key information assets
A one-stop solution for SME and Enterprises

www.e-safecompliance.com
Fundamental requirements of the Privacy
Legislation
Need of a governance tool that can identify and protect sensitive
data and provide clear audit trail
Need of a technology response which forms an integral part of the
overall policy and procedural response required to address the
privacy legislation.

Key data for companies is customer records.
“Data that can cause serious harm to the
individual in case of a breach”

“Guide to securing personal information”
published by OAIC.
OAIC - will refer to this guide when undertaking its Privacy Act
functions 
 Investigations - whether the company has complied with its
personal information security obligations
 Assessments
e-Safe addresses all the nine areas highlighted within the Guide

Nine areas of compliance
1. Need to have proper Governance, culture and training for users
e-Safe helps in educating the users on wrong practices
2. Need to have formal Internal practices, procedures and systems when
handling private data
e-Safe helps to implement ISO27001 processes for data security
3. ICT security
e-Safe mitigates the risks of internal / external attackers and human error whilst
allowing users to continue work uninterrupted.
4. Access security.
e-Safe provides access controls on personal data within encrypted documents to
ensure only authorised users can access the data.

5. Third party providers including cloud computing.
e-Safe tracks the outflow of personal data to cloud applications and websites including
Office365, Dropbox, Google Docs, etc. and secures it using encryption
6. Data breaches.
e-Safe provides full visibility of potential data breaches and the necessary workflow to enable
further investigation of the same.
7. Physical security.
e-Safe Compliance provides full auditing facilities including a Hardware asset audit so that
missing devices can be quickly identified.
8. Destruction and de-identification.
e-Safe Compliance provides extensive data discovery functionality allowing the organisation
to locate personal data stored within the organisation and so facilitate the destruction of the
same.

9. Standards.
e-Safe Compliance implements the ISO27000 family of processes to ensure all
personal data is identified, protected and any potential data breaches are
managed in accordance with the standards specified by the Office of the
Australian Information Commissioner.

Practical ways of ensuring compliance

Data Discovery and Classification - Policy Management
Discovery and
classification of
structured and
unstructured data
from various
sources and in
different states
(data at rest, in
use and in motion)
Data Security Controls - Policy Management
Centralized data
security controls to
manage and
control identified
datasets
Data Protection
Protecting data
using encryption
and access control
Data Auditing and Activity Monitoring
Monitoring data in
use and in motion
using various
media and the
associated user
activities
Datacentric - User
Behaviour Analytics
Data centric user
behaviour risk
reporting highlights
areas of concerns
e-Safe Compliance Data Centric Security Framework

Targeted monitoring of private data through
Data Classification and Discovery

Identification and classification of various forms
datasets from various sources
1. Ability to classify various forms for datasets e.g. text, alphanumeric, regular
expressions and file extension
2. Identification and classification of data from Databases and Document
Management Systems using SQL statements. Such as categorizing personal
identity numbers and other IP related data.
3. From lists of data – like list of Medicare numbers to ensure targeted security
4. Sticky classification by location – information sensitivity linked to its presence in
specific file stores – classification follows even if information moved.

ADHOC generation of
new regular
expressions – allows
for focused public
data monitoring
The new ADHOC regular expression
can be targeted to only monitor specific
information in databases or file stores.

Auto Classifiers
for Database
content
1. Allows user to define SQL
query to monitor sensitive
information stored in the
database. Updated based
on a schedule.
2. Supports all kinds of data

Sticky classification of
Information by virtue
of LOCATION e.g.
Folder based
classification
1. Any information pasted in the
respective folders gets
discovered and classified based
on the folder settings.
2. Classification remains with the
information even if the
information is moved.

Centralized Data Policy Security Management

Centralized Data Policy Security Management
e-Safe Compliance provides admin easy to use centralized data policy security
management options to control the identified datasets. Some of the key features include:
1. Creation of central protection schemes irrespective of data store based on data
sensitivity
2. Integration / synching with AD to gather users and user roles within the organization.
3. Central control for mobile and external 3rd party users
4. Establishing special measures to handle data with ex-employees and stolen
sensitive devices
5. Instant protection of sensitive information at the point of creation – targeted at high
risk users
6. Support for multiple roles within system, based on ISO27001, to ensure separation
of duties and allow for auditing of system usage.

Central Protection
schemes based on
data sensitivity
1. Colors represent different
sensitivity levels
2. Colors represent different usage
restrictions

Security Policies for Mobile and external 3rd
Party users who are not part of company’s AD

Customizable user
properties determine
the experience and
privileges
Fully customisable.
Different user
groups/users can have
different sets of privileges

Disable keys
based on time –
Protection against
rogue employees
and stolen
Sensitive PCs
User needs to connect to
the server else files get
locked.

Special Support for BYOD
Ability to define laptops as BYOD and restrict monitoring to
specific users inside the PC
Encryption only agents for users who want to work from
home
Support for IOS and Android

Data Protection via Encryption
Critical public data remains secure inside and
outside of the organization

Persistent encryption to automatically secure
sensitive documents based on rules
Automatic classification and protection of files upon
discovery using classification rules
Can only be accessed on PCs having e-Safe agent
installed with the relevant permissions
Remain protected even if they leave the organization
Remain secured even if 1)if renamed 2)copies made
3)Saved in different formats 4) extensions removed
Data usage Management to block copy/paste, printing,
screen grabs depending on sensitivity level of file
content.

Support for Data on
Mobile and Tablet
Devices
Encrypted documents can only be
viewed on iOS and Android devices
using e-Safe Compliance APP.
All documents are tracked on the
handheld devices

Data remains
encrypted in mobile
devices
Secure access of files

Secure Transfer Mechanisms for interacting with
3rd parties and working from home
1. Encryption only version for editing and viewing
2. Free Windows/iOS/Android Viewers
3. Package the document
4. Remove encryption by giving a reason for its usage
Note: External third party users need to be authorised and registered to have
access to option 1 and 2.

Data Auditing and Activity Monitoring – gives the
required visibility on movement and usage of
sensitive information

Monitoring Use-Cases
1. Total Data Exfiltration Monitoring via corporate or non-corporate means
 Monitoring whether online or offline, whether using corporate or non-corporate networks
 Syncing files to Smart phones
 USBs
 SD card
 Printing – corporate or non-corporate printers
 Uploading files using encrypted channels such as whatsapp, wechat, Google Hangouts etc
 Using personal emails for sharing company files such as Gmail, yahoomail etc
 Free cloud storage such as dropbox, onedrive, Cloudme, teamdrive etc
 Able to differentiate between corporate one drive and free one drive
 Monitoring File or text
2. Visibility and prevention of shadow Computing  websites or applications

Consolidated view covering all flow of information on
non-standard/non-corporate sources

Actionable reports
based on Excel – easy
to use and understand
Data flow are reported based on a user
angle with complete detail of the
channel used. The users get grouped
into respective departments based on
AD groups.

Actionable reports based on Excel – easy to use
and understand

File versioning (via GUID) to track full lifecycle of
file and its copies
Know the current
status of the file –
including path, rules
applied etc
Know the full version
history of the file. IF
renamed, made
copies of etc

e-Safe helps to automate the risk analysis
process for schools

Risk Parameters defined by Management
Risk associate with events and the sensitive data
(if any) involved in the event fully configurable.

Dashboard view of the different risk types.

Risk Profile of users calculated based on risky
behaviours (change in normal behaviour, defined
risks etc)

In Summary
A governance tool to assist with your policy and procedural
implementations
Protects sensitive data using encryption inside and outside of the
school
Provides clear visibility in case of a breach

Compliance to privacy act and mandatory data breach reporting for corporates

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Compliance to privacy act and mandatory data breach reporting for corporates

Similar to Compliance to privacy act and mandatory data breach reporting for corporates (20)

Recently uploaded

Recently uploaded (20)

Compliance to privacy act and mandatory data breach reporting for corporates