登录查看更多内容

How can you ensure data privacy risks are addressed in data disposal policies?

由人工智能和领英社区提供技术支持

Data disposal is the process of deleting, destroying, or erasing data that is no longer needed, used, or relevant. However, data disposal also involves data privacy risks, such as unauthorized access, disclosure, or theft of sensitive or personal information. Data governance is the practice of ensuring that data is properly managed, protected, and used throughout its lifecycle. Data governance can help you address data privacy risks in data disposal policies by following some best practices and principles. Here are some tips on how to do that.

此文章中的业界达人

由社区从 5 条内容中精选。了解更多

1 Assess data sensitivity and retention

Before disposing of any data, you need to assess its sensitivity and retention requirements. Data sensitivity refers to how much harm or damage could be caused if the data is compromised or exposed. Data retention refers to how long you need to keep the data for legal, regulatory, or business purposes. You should classify your data according to these criteria and apply appropriate disposal methods and schedules. For example, you may need to keep financial or health records for a certain period of time, but you can delete marketing or customer feedback data after a shorter period.

添加您的观点

Jon Hallberg CISSP, GSEC

Information Technology and Security.
举报内容
Keep in mind that none of this is even possible without a solid understanding of what data you have (data inventory), and what type of data it is (data classification). Many organizations have policies in place that tell folks how to handle data, but unfortunately lack the practical implementation of the basics. Know your data, know it's value and its risk, tag it, track it, and dispose of it properly. Policy that isn't followed in practice, isn't policy, its extra risk and liability.

已翻译

赞
Ben Barnes

Corporate Counsel at AmTrust
举报内容
Create a retention schedule so that you know how long data must be kept. Regulations change frequently so make sure to update it regularly. You should consider a robust data classification policy. Implementing data classification early in the information life cycle will assist employees handling this data and help you when it comes time to dispose of the information.

已翻译

赞

2 Choose suitable disposal methods

Depending on the type and format of the data, you need to choose suitable disposal methods that ensure the data is irrecoverable and inaccessible. For example, if you have paper documents, you may need to shred, burn, or pulp them. If you have digital data, you may need to overwrite, encrypt, or degauss them. You should also consider the storage media and devices that contain the data, such as hard drives, USBs, CDs, or phones. You may need to physically destroy or wipe them before disposing of them.

添加您的观点

Ben Barnes

Corporate Counsel at AmTrust
举报内容
Some jurisdictions actually list the methods for the disposal of certain types of information. Many vendors will help you dispose of data correctly.

已翻译

赞

3 Implement disposal policies and procedures

To ensure that data disposal is done consistently and securely, you need to implement clear and comprehensive policies and procedures that cover all aspects of the process. For example, you should define who is responsible for disposing of the data, when and how they should do it, and what records they should keep. You should also provide training and guidance for your staff on how to follow the policies and procedures and how to handle any issues or incidents. You should also monitor and audit the data disposal activities and outcomes to ensure compliance and effectiveness.

添加您的观点

4 Review and update disposal policies

Data disposal is not a one-time event, but an ongoing process that needs to adapt to changing circumstances and needs. You should review and update your disposal policies regularly to ensure that they are still relevant, appropriate, and aligned with your data governance goals and standards. You should also consider the feedback and suggestions from your staff, customers, and stakeholders on how to improve your data disposal practices and address any gaps or challenges. You should also keep up with the latest trends and technologies that may affect your data disposal strategies.

添加您的观点

5 Here’s what else to consider

This is a space to share examples, stories, or insights that don’t fit into any of the previous sections. What else would you like to add?

添加您的观点

Sarah Armstrong-Smith

Microsoft Chief Security Advisor, Independent Board Advisor, Best-Selling Author, Keynote Speaker and Fellow British Computer Society
举报内容
Remember that sensitive data doesn’t just reside in production environments, it also sits in test, pre-production and archives. Typically these have lower levels of security controls, and may not be monitored to the same extent. Even if some data is out of date, it still provides enough information that attackers can exfiltrate and utilise for nefarious purposes Therefore it’s important to have a holistic approach to data security that protects it, no matter where it resides. Consider the value of data in different hands, and what controls are needed as a result.

已翻译

赞
Ben Barnes

Corporate Counsel at AmTrust
举报内容
Document disposal as well. Employees change jobs, and companies are bought and sold, so the memory of disposal practices may be lost. By documenting disposal you create a paper trail for others to follow. Sometimes, in a court case, the question is posed, "Why don't you have X records?" With the paper trail, it maybe possible to show that your disposition was defensible and not nefarious.

已翻译

赞

Data Governance

+ 关注

给文章评分

我们借助人工智能创建了此文章。您认为这篇文章怎么样？

很棒不太好

举报此文章

查看全部

How can you ensure data privacy risks are addressed in data disposal policies?

1

2

3

4

5

1 Assess data sensitivity and retention

2 Choose suitable disposal methods

3 Implement disposal policies and procedures

4 Review and update disposal policies

5 Here’s what else to consider

Data Governance

给文章评分

感谢您的反馈

更多Data Governance相关文章

更多相关阅读内容

How can you ensure data privacy risks are addressed in data disposal policies?

1

2

3

4

5

1 Assess data sensitivity and retention

2 Choose suitable disposal methods

3 Implement disposal policies and procedures

4 Review and update disposal policies

5 Here’s what else to consider

Data Governance

给文章评分

感谢您的反馈

查看其他技能