New tool finds PII hiding on corporate systems

The new Australian privacy legislation that came into effect on 12 March 2014 has increased the pressure on businesses to correctly collect, store, secure and dispose of Personally Identifiable Information. But does you business really know what information they are storing and where it is?
Ground Labs has released Data Recon, a Personally Identifiable Information (PII) discovery tool designed to find the data hiding on computers within your business.

"The risk of system compromise is always there – no system is impregnable," says Stephen Cavey, co-founder and director of Ground Labs. "By knowing where data is stored appropriate risk mitigation can be put in place".

Data Recon is similar to Ground Labs' other product, Card Recon. That application is able to scan systems for credit card information stored on computers. It has a big brother, Enterprise Recon, which can scan across a network. Card Recon and Data Recon can be run from a USB stick and executed to check a system.

Some of the results of those scans have been nothing short of stunning.

"One customer swore black and blue that there were no credit cards on their systems but Card Recon found over 100 million records. These were being uploaded by a bank through a secure channel unbeknownst to the client," said Cavey.

This is the challenge for businesses. Individuals often store sensitive data on unsecured systems without understanding the consequences. Data Recon can scan cloud-based systems such as Google Apps and Amazon s3 and can even discern information in images such as scanned, handwritten documents.

The Data Recon software gives a full audit of any PII and other sensitive information held within corporate systems. It uses search algorithms with an interface that can be configured to search for identifiers such as Medicare and health insurance identifiers, Tax file Numbers, passport numbers and personal names, home addresses and phone numbers.

Once the data is identified, companies can choose what actions to take.

“Many companies are not aware of the amount of personal information contained within their corporate IT systems, let alone whether it is all securely and safely stored and this often explains why large-scale data breaches have occurred so easily. Data Recon attempts to combat this threat by finding any personal customer information and ensure that it is both secure and compliant. One of the simplest ways to protect your customers is to know where sensitive data is held, permanently delete what you don’t need, and adequately secure the sensitive information that you need to store,” Cavey said.

The risks of customer data being accidentally or maliciously exposed are significant.

“Organisations can find themselves increasingly exposed to both reputational risk and real financial penalties by not adequately protecting personal data of customers," said Cavey.

Data Recon has been designed for international use to meet the privacy regulatory requirements of more than 50 countries around the world.

This article is brought to you by Enex TestLab, content directors for CSO Australia.