One of the joys of Confluence is that it’s so easy to create, edit and share documents across different teams and projects.
With all this content, however, the chances are you’re going to have some sensitive data hiding there. And this can incur real-world risks for your people and projects.
Unless you fully understand the types of data included within your Confluence pages, and have the right protections in place, confidential or high risk information can be mishandled, shared inappropriately or even lost.
The good news is that you can take steps to protect this information. The first of these steps is finding the sensitive data… and that’s the topic of today’s blog post.
What is sensitive data?
Before we get going, it may be helpful to run over a few definitions.
When we refer to ‘sensitive data’ in the context of this post, we mean information that could result in problems or damages, either to your organization or your people, should it be mishandled or lost. Think confidential product specifications, company financials, legal briefs or employees’ PI (personal information).
This could exist in a range of different forms. From HR records and contracts, to lists of event attendees or succession planning, there’s a high chance sensitive data is going to be lurking – undetected.
What about ‘special category data’?
If you’re familiar with the principles of the GDPR (General Data Protection Regulation), you might recognize the term ‘special category data’. This is highly sensitive information which may relate to a person’s racial or ethnic origin, their religious beliefs, political views, sexual orientation, and more.
The ICO (Information Commissioner’s Office) here in the UK explains why this data is classified as ‘special category’:
‘[The] use of this data could create significant risks to the individual’s fundamental rights and freedoms.’
ICO
It’s unlikely you would be holding this kind of data within your Confluence, as the GDPR sets out strict conditions for processing and storing it.
If your Confluence is home to special category data, you must make sure that you have grounds to store it in the first place, including having gained consent from the individual(s) in question. You must also ensure that it is processed and protected in line with the GDPR.
The ICO has a ton of useful guidance to help you with this.
For folks not in Europe, other privacy laws and regulations, like the CPRA (California Privacy Rights Act) also provide clear definitions of ‘sensitive personal information’.
Just a quick reminder here…
In the context of this blog post, we are not talking about ‘special category data’, as defined by the GDPR or any other privacy regulation.
If you are processing and storing this kind of information in your Confluence, you must ensure you comply with the processing conditions and other considerations as laid out in the relevant regulation(s).
If you’ve got sensitive data in Confluence, Compliance for Confluence is your best friend.
Start protecting your data today with Compliance for Confluence!
How could sensitive data get into your Confluence?
Remote working has contributed to the growth of sensitive data in Confluence, as more and more teams share and store documents online. We’ve also seen situations where an organization’s use of Confluence has increased rapidly and internal data protection processes have been unable to scale accordingly.
From new business tenders to competitor analysis, you could have a whole heap of information in your Confluence that should be labelled as sensitive or internal-only. Even innocent-seeming documents, like a marketing proposal, for example, might contain confidential insights.
It’s no bad thing to store sensitive data in your Confluence – as long as you’re aware that it exists, know where it’s located, and understand how to manage it properly.
How to find high-risk information in Confluence
Now, you may be reading this and feeling a little spooked. What’s hiding in your organization’s Confluence – and how can you find it?
Luckily, we can help you with the detection piece.
Using Compliance for Confluence to detect your sensitive data
As you almost certainly know, the Atlassian Marketplace is bursting with apps to extend and super-charge Confluence’s capabilities.
One of those apps is Compliance for Confluence. Available across Cloud and Data Center, it’s packed with features to help you detect, protect and manage confidential data. (We know, because we made it!)
Today, we’re focusing solely on detection. (We’ll cover wider data protection in Confluence in a future post.)
How it works
Compliance for Confluence can automatically detect some forms of sensitive data on your Confluence pages, such as credit card numbers or email addresses, and will alert you each time this kind of information is discovered.
The app detects sensitive information in real-time, meaning you can quickly take action. This is so important; the faster you act, the more likely you can mitigate the risk of that data being misused or falling into the wrong hands.
What kind of data can Compliance for Confluence find?
Compliance is already set up to scan for the following detection types:
- Credit card numbers
- Email addresses
- Phone numbers
- User names
It’s super simple. As soon as you’ve enabled these detection types, the app will begin parsing your content for them. This detection feature is always active, continuously scanning for sensitive data. So, every time you add a new page or someone makes an edit, you’ll have peace of mind that any high-risk information will be flagged automatically.
What if you need Compliance for Confluence to detect other data formats?
You didn’t think we’d leave you with just those four detector types, did you?
The Compliance app allows you to create new detection types, from post codes and zip codes, to dates and social security numbers. You can write your own regular expressions to detect other kinds of sensitive data relevant to your organization.
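The pattern-based detection described above (built-in types such as credit card numbers and email addresses, plus a custom regular expression) can be sketched in Python. This is an added example, not Compliance for Confluence's own code; the patterns, function names and sample page text are assumptions constructed for illustration. It also shows why a card-number regex needs a Luhn checksum to keep false positives down, and why alerts should mask what they report.

```python
import re

# Illustrative patterns only (assumptions, not the app's built-in detectors).
DETECTORS = {
    "credit_card": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
    "email": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    # Custom detection type: US social security number in AAA-GG-SSSS form.
    "us_ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
}

# Constructed sample page body; the card number is the well-known Visa test value.
SAMPLE = (
    "Customer paid with 4111 1111 1111 1111 last month.\n"
    "Tracking ref 1234 5678 9012 3456 (not a card).\n"
    "Contact: jane.doe@example.com\n"
    "SSN on form: 123-45-6789\n"
)


def luhn_valid(candidate: str) -> bool:
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()]
    if not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(value: str) -> str:
    """Keep the last four characters so the alert does not re-leak the data."""
    return "*" * (len(value) - 4) + value[-4:]


def scan_page(title: str, body: str) -> list[dict]:
    """Return one finding per match, with the matched value masked."""
    findings = []
    for kind, pattern in DETECTORS.items():
        for m in pattern.finditer(body):
            if kind == "credit_card" and not luhn_valid(m.group()):
                continue        # checksum failed: treat as a false positive
            findings.append({"page": title, "type": kind,
                             "offset": m.start(), "match": mask(m.group())})
    return findings


if __name__ == "__main__":
    for finding in scan_page("Onboarding notes", SAMPLE):
        print(finding)
```

The tracking reference matches the card-number pattern but fails the checksum, so it is dropped rather than raised as an alert.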
Are you curious about how to create your own detection types in Confluence to find sensitive information?
Let Compliance for Confluence do the hard work for you!
Detection is a vital first step in data protection
Remember the old proverb, ‘An ounce of prevention is worth a pound of cure’?
Well, that saying really holds up here. If sensitive data is detected and your team is alerted, it gives you all a chance to take action and mitigate risks.
Before Compliance for Confluence, this would have been a manual job, perhaps going through reams and reams of pages to find the sensitive information. And with human error at play, some data may have been missed despite a team’s best efforts.
Now, with Compliance for Confluence, you know exactly where your sensitive data is hiding. You can then begin with the next step: Protecting it.
Join us next time for Part 2 in this series: How to Protect Sensitive Data in Confluence.