Today’s risk, security and data protection officers are responsible for planning, implementing and managing privacy and security programs. However, the role of executive management is extremely important: without it, an organization can be driven into regulatory non-compliance or become the victim of a data breach.
There are two operational approaches to data privacy and security, and the policy approach is the first-stage view.
Addressing regulatory and compliance requirements is straightforward and can often be achieved easily with a robust policy. The policy addresses the key areas and defines the controls to be put in place. These controls are built to target the areas defined by the requirements.
In a second stage, we find the Data-First approach. A data privacy and security program will have a detailed and documented understanding of all the elements that make up the organization’s data ecosystem. It also presents an acute understanding of the who, what, why, where and how of data collection and security measures, and of when it is appropriate to delete data.
Bringing these two approaches together gives a very effective and comprehensive result: policy criteria are then built on all data. Storing and securing all data will make it easier to meet compliance requirements. This includes intellectual property, copyrights, patents, trademarks, trade secrets, sales and marketing plans, etc.
Searching for, finding and deleting sensitive data are inevitable processes in an organization. There is a lot of data that has absolutely no purpose but is sometimes stored in unsecured places. We should process and save only the data that we will really need in the future.