Not a day goes by without another report of a data breach somewhere on the Internet or in the newspaper.
But what exactly is a data breach?
And is there anything you can do to prevent a data breach?
In this blog, we are going to try to shed more light on this.
The increased focus on a data breach can be traced directly to the introduction of the new European Privacy Law, the GDPR in 2018. This law defines how organizations must protect the privacy of individuals. The basic premise is that organizations must process data on individuals with whom they have a relationship in order to be able and allowed to carry out that relationship. For example, a relationship could be offering a subscription, or it could be following treatment at a hospital. In all these situations, an organization processes data on the individual concerned.
What is a data breach?
The Personal Data Authority, the regulator of the implementation of the GDPR, provides the following answer on its site:
“A data breach involves access to or destruction, alteration or release of personal data at an organization without that organization’s intent.”
In other words, in a data breach, the data you have shared with an organization without intending to do so ends up on the street. But so is a data breach if the data is inadvertently changed or deleted!
So what can you do to prevent a data breach?
Basically, there are several measures you can take, but one of the most important is to make sure personal data is only in the production/live environment. By processing the data only there, you avoid inadvertently releasing it onto the street from another environment (testing, analysis, training, etc.).
In addition, it is crucial that you establish authorization management and implement adequate security measures so that only authorized employees can enter the live environment.
You can then have other employees who need to test a new version of the software, for example, work in a different environment with anonymized data. You could also do this for providing training and for analysis.
In summary, to prevent data breaches, you must ensure that personal data is only processed in 1 place in the organization. This place (the production or live environment), you secure and you ensure that only a limited number of authorized employees have access. In other places, you provide representative but non-reducible data.
The solution: anonymize or mask data
Many of our clients have become aware that they receive, store, retain and thus process documents in which personal data is still visible to all or a large part of the organization. Meanwhile, these customers “cleaned up” by letting DataFactory or FileFactory software do its work.
If your organization is also about to tighten up its strategy with respect to processing personal data, feel free to contact us for polishing away (read anonymizing or masking) sensitive data in your database or documents.
Quickly mask sensitive data?