Hitachi Data Systems chief technical officer, Adrian De Luca, has weighed in on what will be a “new era of privacy” in Australia as March 12.
De Luca, who recently took part in a Google Hangout with privacy lawye,r Alec Christie, from DLA Piper, said writing your privacy was a critical first step.
“Just like protecting the intellectual property of your company, safeguarding identifying information of your clients is the next step in protecting your brand and reputation,” he said.
“If you think about it, protecting personal privacy should really be a logical extension to data security and management practices.
De Luca has given his top three tips for enterprise, to help deal with the biggest changes to Australia's privacy laws in 25 years.
He warned of applications storing data in multiple places, making copies and snapshots in different formats.
“You may be inadvertently storing personal information about people long forgotten or no longer deemed of business use,” he said.
"Conducting an audit of all your personnel not just a logical first step, but an important one.
"Not only will this help you uncover all your personally identifiable data, but it can also give you an opportunity to do a spring clean before getting your systems in order."
Next on the list is managing the information life cycle.
“In general, the APP’s require organisations to have well defined, documented procedures and systems for managing personal information,” he said.
“Adopting policy based file management technologies for relevant data sets can not only automate some of these procedures, but also enforce disposal when it is no longer needed."
He said various industry or legislative acts that overlay the APPs required the retention of information for a specified period of time.
“This is where software like Data Migrator on Hitachi Network Attached Storage (HNAS) really helps, allowing you to create flexible policies to migrate files from a primary file server to the Hitachi Content Platform (HCP), a full featured object store. Once in HCP, it remains persistent and immutable for as long as it needs to be retained,” he said.
“When no longer required as defined by the policy, the HCP will expire the objects where they can be permanently destroyed, helping to comply with APP 4 and 11.
“Furthermore, if changes or updates are made, HCP also allows you to maintain multiple versions providing a full audit history, helping comply to APP ‘s 10 and 13.”
APPs 10 and 11 call for maintaining the quality and security of personal information.
De Luca said the Hitachi Data Discovery Suite (HDDS) could search file systems and objects independent of application, giving you a ‘Google’ like view of all your instances and assist in identifying any discrepancies.
“Another benefit of HDDS is that it works independent of application, so if your retire your application down the track, you can still retrieve all the information wherever it may be," he said.
“Of course infrastructure technology alone will not lead to compliance salvation, but adopting modern tools and transforming your IT infrastructure will reduce the overall cost of compliance in the long run, as well as minimise the risk of falling foul of these new laws.
“I also believe the new privacy era is not only an opportunity for organisations to extend their existing data security practices to be more focused on individuals, but also to improve information workflows and efficiency across the enterprise."