Our client provides superannuation products and services for professional, managerial, administrative and service occupations across all sectors of the Australian economy.
Like many businesses, our client recognised the increasing threat and potential impacts of a data security breach and exposure of member personally identifiable information (PII). This included the potential for severe impacts on member trust, which would have commercial and legal impacts. The business also recognised that technical (cybersecurity) solutions were not sufficient on their own, and that a broader management approach would be needed to reduce the likelihood of a data breach. Our client was also conscious of the impacts that its AI initiatives could introduce with regard to PII management.
In addition, recognising that Privacy legislation is being revised to create stronger protections for PII and harsher penalties for PII breaches, the business required the development of a Personal Data Strategy and Roadmap to ensure ongoing improvement of PII management practices. The Strategy needed to conform with the requirements of relevant legislation and regulations, and APRA prudential standards, applicable to registered financial and superannuation entities.
Astral engaged with the client’s business areas to analyse current business processes that access, use or generate PII. Using this process-oriented approach, current issues and gaps were identified. Based on this understanding, a formal (ISO 31000) risk analysis was conducted, and reported using the organisation’s risk management framework.
Based on the risk analysis, a Personal Data Strategy was developed. This included defining short, medium and long-term management requirements, and a costed roadmap defining immediate (‘quick win’), short, medium and long-term initiatives. These initiatives were designed to ensure the business could meet current and anticipated standards of PII management practice.
In parallel to these activities, Astral used an industry-leading data analysis platform to identify the locations, volumes and risk profile of PII in a range of repositories. Using proprietary BI reports that Astral has developed, PII remediation requirements were identified. Astral assisted in planning and actioning remedial deletion and/or secure archiving of PII.
Benefits
- Identified PII volumes, locations and risk profile
- Defined remediation requirements to delete and/or securely archive PII
- Understood the nature and level of PII-related business risk
- Identified opportunities for immediate risk reduction
- Defined actions and initiatives to reduce risk over the short, medium and long term
- Defined a Personal Data Strategy & Roadmap to ensure a sustainable approach to PII management that reflected the impacts of AI
- Prepared the business for anticipated strengthening of Privacy legislation in Australia
