Data Life Cycle and Protecting the Data.
The principle of integrity and confidentiality is pervasive across all stages. We should always be aware of how securely managing the personal information to prevent accidental loss or unauthorized access. Every data has its own life cycle. This life cycle is the sequence of stages that a data goes through from its initial generation/collection or capture to its eventual archival and/or deletion at the end. While protecting the data always use security by design approach.
- Collection of Data
- Storing of Data
- Using of Data
- Sharing of Data
- Transferring Data
- Retaining Data
- Deleting Data
Collection of Data:
- While collecting data, only collect personal information for the purpose specified in your privacy notice.
- Consider the amount and type of personal data you need for your purpose.
- Never use the data for marketing, advertising, or analytics.
- Only collect personal information that is adequate, relevant, and limited to your specific purpose.
- Only use approved method to collect the data to ensure integrity and confidentiality.
Storing personal Data:
- Always ensure to store personal information in line with the data storage policy that are applicable.
- Ensure hard copy of data is securely locked and pseudonymizing data before storing.
- Financial records and trade secrets need to be stored with the according access and use permissions.
- The data storage solution/system needs to be adequate in terms of long period of storage capability and redundancy.
- Since, many organizations presently choosing cloud service for their primary data storage instead of their local on premise infrastructure. While this is a feasible approach, given that the cloud service provider offers acceptable and adequate redundancy, it comes with the risk of losing the full control of the data and, in cases where the data is neither encrypted in transit nor at rest, unauthorized access to the data by the provider is possible.
Using Data:
- Any changed or additional uses of personal information must be documented.
- Ensure personal information is accurate and used as per requirement.
Sharing Data:
- Prevent unauthorized access on data while sharing.
- Ensure secure mechanism and best practices while sharing data such as end-to-end encryption, double check permission settings, maintaining audit trail etc.
Transferring Data:
- While transferring data, Secure Data Transfer (SDT) provides a way to securely read and write logical volume data between groups or clusters within a network.
- SDT uses OpenSSL software libraries with the TLS 1.2 protocol following both AES-256 and AES-128 bit key.
- Sharing personal information across borders can be sometimes complex.
- The secure transmission methods of data transmission are Email encryption, Website encryption, FTP and SFTP protocol use.
- Encrypt data in motion, encrypt data at rest and authenticate from both sender and receiver end to verify.
Retaining Data:
- There shall be data retention policy documented. A data retention policy is a key step in managing and protecting an organization’s important data to avoid any civil, criminal and financial consequences and attract penalty that sometimes outcome from poor data management practices.
- Determine regulations that is applicable for you and your organization.
- Only retain personal information which have specified purpose.
Deleting Data:
- When you have your job done, delete the personal data.
- Dispose the data or delete the data securely.
- Use shredder in case of destroying the hard copy or paper documents. Use data wipe tools for securely erasing the data from hard drive.
- Types of data deletion also includes overwriting, formatting, degaussing, physical destruction (drill or crush) etc.
The data breaches consequences are rapidly growing day by day. So be aware and educate the own employees in the organization are also important.
Do you have any additional comments, feel free to post.
Like and Subscribe!
Thanks!
-DR
No comments:
Post a Comment