No government agency wants to deal with data breaches, but they do occur. In 2019 alone, there were several that compromised New Zealand citizens, including privacy breaches, leaked details, and private details being shared online.
Data breaches expose innocent citizens to risk, undermine public confidence in government and in digital transformation, as well as cause reputational damage to the organisations involved. How can crown agencies protect themselves?
Government departments take these breaches very seriously and many are taking action to mitigate the risk of sensitive data being accessed via their websites. The Syl Validator solution helps contain data breaches through your website, providing greater protection and security for government data.
The solution works by crawling your websites looking for any data entities that shouldn't be in the public domain, such as:
These are included with the Syl Validator by default, but new validation rules can be tailored for an organisation's individual needs.
The Syl validation could be used by anyone to look for specific data entities within online public documents such as an IRD number or credit card number. It can tell the difference between IRD, credit card and bank account numbers, because these numbers are generated using algorithms.
This is a simplified example of the two-stage process that Syl uses to validate discovered data and make it available for adding to metadata:
1. Syl Validator identifies possible matching data based on pattern-matching rules within the system. This stage doesn't validate the data, it simply identifies a possible match. This simple pattern-matched data is then checked during the next stage.
2. The validation algorithm designed by the issuing authority (and implemented into Syl) is then used to check that the pattern matched data entity is legitimate which would therefore constitute a possible data breach.
The validator can be incorporated into Syl's rules or notifications. This means that any document can be held or quarantined until a specific action has been carried out, or a person notified that personal data may be publicly available.
It's also useful to allow you to check the personal information isn't going to be exposed on a web site. Had this been in use on government websites recently, serious data breaches could have been avoided.
Providing that an algorithm for validating a data entity exists, Syl can add more validators based on individual requirements.