Just over a week ago, the Parliament of Australia passed the Privacy Amendment (Notifiable Data Breaches) Bill 2016, requiring any Australian public sector (including most Australian Government agencies, except for intelligence agencies), private sector and not-for-profit organisation with annual revenue of AU$3 million (US$2.3 million) or greater to disclose any data breach involving an individual’s personally identifiable information (PII), including but not limited to tax file number information (similar to the United States’ social security number or SSN), credit card information, and credit eligibility information. The Bill also applies to specific organisations with revenue under AU$3 million annually, including private sector health services, gyms, weight loss centres, child care centres, private schools, organisations selling or purchasing personal information, credit reporting organisations, and even individuals handling personal information as a business. According to some publications, though, if taken literally, the language in the new Bill appears to require an organisation to disclose information even if it only believes a breach has occurred.
If an Australian organisation determines that a breach of personal information has occurred or is even believed to have occurred, it must notify both the Australian Privacy and Information Commissioner and any individuals at risk of or affected by the data breach as soon as reasonably possible. If it’s not possible to notify individuals at risk or affected by the breach, the Bill requires that the organisation publish a statement on its website. Even personal information from anywhere in the world held or used by an Australian organisation that is at risk of or affected by a data breach must be handled in the same manner as if the personal information were from an Australian citizen. That will be extremely costly for an Australian organisation, and that doesn’t even begin to factor in the costs associated with possible fines, bad press, reputation hits and ultimately, the loss of business and revenue that a theft and hack of individuals’ personal information brings!
But, Menlo Security can help. The Menlo Security Isolation Platform (MSIP), with Menlo Security’s patented, public cloud-based isolation and Adaptive Clientless Rendering™ (ACR) technology, delivers a transparent, familiar user experience via native web browsers – such as Google Chrome and Microsoft Internet Explorer – while removing the need for endpoint software or web browser plug-ins. Deployed in the public cloud, the MSIP accesses the web on the user’s behalf and executes the user’s session completely in the cloud so only safe, malware-free information is sent to the user and their device. The MSIP can also launch and proxy in the cloud the most common document types (including Adobe Acrobat, and Microsoft Word, Excel and PowerPoint) accessed by users, safely away from a user’s endpoint, eliminating document-borne malware before it can reach a user’s device. Plus, the MSIP also integrates seamlessly with existing mail servers – such as Microsoft Exchange and Office 365, and web-based email such as Google Gmail and others – enabling any link in any email to pass through the MSIP, isolating all email-based malware threats, including pervasive ransomware. It also eliminates credential theft by allowing any website to be rendered in read-only mode, preventing users from entering their credentials and any sensitive information into a web form. So, it’s isolation driving freedom – the freedom to click safely.
Menlo Security’s public cloud-based Menlo Security Isolation Platform doesn’t detect web-based malware, but prevents it from ever reaching a user and their device. It eliminates drive-by downloads, phishing attacks, spear-phishing, whaling, associated ransomware, and credential theft. Menlo Security’s strategy eliminates web-based exposure, delivering appreciable risk and cost reductions to organisations, and assuring board members and executives that the personal information of employees, customers and all users is safe. And, it can now save most Australian businesses a lot of pain, grief, and cost.