Protegrity specializes in protecting sensitive data, a focus we’ve maintained for around 20 years. Our customer base includes many large enterprises, particularly in the healthcare and financial sectors, spanning across the globe. Our clients include some of the most renowned companies worldwide.
We protect data by de-identifying sensitive information, making it useless in the wrong hands but valuable within your organization. For instance, within your organization, you need data for analytics, customer service, and informed decision-making. Protegrity enables this by de-identifying the data and providing it on a need-to-know basis. For example, customer service might only need the last four digits of a credit card or Medicare number, while a financial officer might need full access to the entire dataset. If a cybercriminal breaches your defenses and accesses the data, it remains protected, as the data is tokenized, not in clear form.
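The need-to-know access described above can be sketched as follows. This is an added example, not Protegrity's product code or API: it assumes a simple vault-based tokenizer, and the role names, policy table, and card number are constructed for illustration.

```python
import secrets

CARD = "4111111111111111"  # constructed sample value, not a real account


class TokenVault:
    """Toy vault-based tokenizer: the token-to-value mapping lives only here."""

    # Hypothetical policy: which view of the clear value each role may receive.
    POLICY = {"finance_officer": "full", "customer_service": "last4"}

    def __init__(self):
        self._token_to_value = {}
        self._value_to_token = {}

    def tokenize(self, value: str) -> str:
        """Replace a digit string with a random digit token of the same length."""
        if not (value.isascii() and value.isdigit() and len(value) >= 8):
            raise ValueError("expected an ASCII digit string of 8+ digits")
        if value in self._value_to_token:
            return self._value_to_token[value]  # stable token keeps joins working
        while True:
            token = "".join(secrets.choice("0123456789") for _ in value)
            if token != value and token not in self._token_to_value:
                break
        self._token_to_value[token] = value
        self._value_to_token[value] = token
        return token

    def reveal(self, token: str, role: str) -> str:
        """Return only the view of the original value the role's policy allows."""
        view = self.POLICY.get(role)
        if view is None or token not in self._token_to_value:
            return token  # unknown role or token: the caller keeps only the token
        value = self._token_to_value[token]
        if view == "full":
            return value
        return "*" * (len(value) - 4) + value[-4:]


if __name__ == "__main__":
    vault = TokenVault()
    stored = vault.tokenize(CARD)  # this is what downstream systems hold
    for role in ("finance_officer", "customer_service", "unlisted_role"):
        print(role, vault.reveal(stored, role))
```

A copy of the downstream database taken without the vault contains only tokens, which is the property the paragraph relies on.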
Our solutions include post-quantum-ready tokenization, encryption, data masking, and other protection methods. We excel in areas such as data sharing, cloud migration, and protecting Personally Identifiable Information (PII) and Protected Health Information (PHI).
Recent Changes in Privacy Laws
There have been significant changes in the data protection landscape, notably with the ongoing upgrades to the 1988 Privacy Act. One clear shift is that privacy is increasingly becoming the responsibility of organizations rather than individuals. This shift affects all organizations that handle data, including healthcare and financial institutions.
Recent high-profile breaches, particularly in the healthcare sector, have raised concerns. For example, in one case, 13 million Australians had their personal information compromised, and just a few years ago, 10 million individuals were affected by another breach in the healthcare industry. These incidents have led to a loss of trust, prompting governments to make data protection and privacy a priority, especially for organizations in highly regulated industries like finance and healthcare.
Growth in Security Spending and Data Breaches
In 2024, organizations globally experienced a 14% growth in security spending, while at the same time, breaches increased by 78%. This discrepancy highlights the challenges organizations face in securing their data. Security spending focused on areas such as endpoint security, network security, identity and access management, and other services. However, even with these measures in place, cybercriminals are still often able to bypass security layers and access data. Protecting the data itself is paramount. Without robust protection, even the most sophisticated security systems can be compromised.
Data Breaches in Australia and the Healthcare Industry
Some statistics that highlight the data breach trends:
- In 2023, Australia was the sixth most breached country globally.
- A September 2024 report revealed that 73% of Australians are likely to have their data stolen due to breaches, a significant increase from the previous year.
- Healthcare data is particularly vulnerable, with 41% of breaches involving healthcare information.
- Breaches in healthcare are especially costly, often double the cost of breaches in other industries, due to the complexity of managing legacy systems and increasing volumes of data.
- The Office of the Australian Information Commissioner (OAIC) identifies healthcare as the most targeted industry, followed by government and finance. Since the rise of COVID-19, the healthcare sector has undergone rapid digital transformation, which, while beneficial, has led to an increase in complex data systems that are harder to manage and protect.
The Role of Organizations in Data Security and Privacy
One important takeaway from recent discussions, especially in roundtables, is that data security and privacy must be an organization-wide effort. No single individual or team can ensure comprehensive data security. To be effective, organizations should seek C-level approval to drive these efforts down through all levels of the business, ensuring that everyone understands their role in protecting sensitive data.
Furthermore, data is often stored both on-premises and in the cloud, and it must be secured wherever it resides.
Cloud Migration and Security Challenges
Many organizations are moving their data to the cloud for reasons like innovation, scalability, and agility. However, this migration often comes with challenges related to security, auditability, and compliance. Despite these challenges, the benefits of cloud migration remain compelling.
At Protegrity, we recommend de-identifying data both on-prem and in the cloud. A data security-centric approach ensures that data is protected across various environments, whether in a public, private, hybrid, or multi-cloud setup. We support seamless integration with major cloud providers like AWS, Azure, and Google Cloud.
For example, a major UK financial institution, previously struggling with cloud migration due to security concerns, was able to move 70% of its business to the cloud after implementing robust data protection strategies.
Updates to the Australian Privacy Act
The Australian Privacy Act, which is being updated from its original 1988 version, is expected to become more stringent in the near future. The 1988 Privacy Act was created in an era before the widespread use of the Internet, and the legal framework has struggled to keep pace with technological changes.
The review of the act, including a report by the Attorney General in September 2023, identified 116 recommendations, of which 38 were agreed upon and 68 were agreed in principle. These recommendations mostly relate to refining definitions and requiring more detailed information about data collection and usage.
One key proposal is the “right to be forgotten,” which sounds good in theory but presents practical challenges. For example, data is often scattered across multiple systems, and tracking down all instances of an individual’s data can be very difficult.
The first step in addressing these changes is to discover and document where all data is stored and ensure compliance with new regulations as they emerge.
Data Protection in Healthcare Organizations
For healthcare organizations, several key principles must be followed:
- Protection: Organizations must demonstrate to customers, regulators, and stakeholders that steps have been taken to protect data.
- Privacy Principles: Organizations need to operate with clear privacy processes and ensure compliance with best cybersecurity practices.
- Transparency: Organizations should be able to answer questions about what data is being collected, who has access to it, and what it will be used for. This includes implementing the “right to be forgotten” process where applicable.
- Accountability: Business leaders are now directly responsible for protecting data and preventing breaches.
- Compliance: There is also a growing trend of increasing fines and penalties for non-compliance. Organizations are encouraged to build robust data management systems, starting with data discovery and classification. Understanding who has access to the data and how it flows through the organization is key.
Data Sharing and Third-Party Risks
Data sharing is a significant risk area, particularly in healthcare. Hospitals and labs routinely share patient data, and ensuring that this information remains secure even when it leaves the organization’s control is critical. Data protection measures should be in place to ensure security during third-party exchanges.
Cybersecurity laws, such as the Cybersecurity Act, now require the reporting of ransomware payments, highlighting the growing attention on data breaches. Breaches can result from both malicious actors and human error, such as sending emails to the wrong recipient or accidental system failures.
Balancing Data Protection and Accessibility
Data privacy is often a balancing act between protection and accessibility. While it’s important to protect sensitive data, organizations also need to ensure that employees can access the data they need to perform their jobs effectively. The most secure data is, of course, data that no one can access — but this approach would be detrimental to the organization’s ability to function.
Protegrity helps organizations strike this balance, ensuring data is both secure and accessible. We also support compliance across different jurisdictions using anonymization and pseudonymization techniques. In a world where data breaches are becoming more common, protecting data while maintaining accessibility is critical for building customer trust and loyalty.
The Future of Privacy and Data Protection
Privacy is becoming an increasingly important focus for businesses. As we move into 2025, it’s clear that privacy will not just be a regulatory requirement but an opportunity for organizations to demonstrate trustworthiness to their customers. For data teams and legal teams, this shift enables greater compliance and risk mitigation. For security teams, it means reducing the impact of data breaches by making data useless to cybercriminals. And for executives, it’s an opportunity to build customer loyalty while driving the organization’s growth.
By implementing comprehensive data protection measures, organizations can ensure their data remains secure and compliant, contributing to a safer digital ecosystem for everyone.
To dive deeper into these critical insights and explore actionable strategies, download the full whitepaper, “Navigating Australia’s Data Privacy Landscape in 2024.”
We’d love to have a detailed discussion around your use cases and the projects you’re working on at the moment. If you have any further questions or need assistance with data protection or the data privacy environment, please feel free to reach out to us here.