If You Collect It, You Must Protect It

Sunday, January 28th is National Data Privacy Day, a strong reminder of why it is critical that we respect privacy, safeguard data and enable trust in our digital world. As cybersecurity professionals we must live by the “CIA Triad” (confidentiality, integrity and availability) every day, as privacy is the positive byproduct of it. Confidentiality helps us control what sensitive information can be shared with others and when. Integrity guides us on how information can be stored and accessed safely and legally. Availability ensures the data is available and retained for the appropriate time.

It is imperative that organizations take this responsibility seriously and look closely at their privacy programs. If you don’t know what sensitive information matters most or where it is, then you can’t protect it. Organizations must determine what data matters most, classify it, make it useless to others, back it up, and then monitor it. With looming regulations like the EU General Data Protection Regulation (GDPR), this will become even more important, as non-compliance will be costly, carrying fines of 20M Euros or 4% of global revenue, whichever is more.

Many organizations are moving towards an omni-channel experience for their customers, which will allow them to better engage anytime, anywhere and from anything. It also means that companies can have a complete view of their customer, not just from a marketing perspective, and can also leverage this information from a security perspective. In our interconnected digital world an (Read more...)

*** This is a Security Bloggers Network syndicated blog from RSA Blog authored by Angel Grant, CISSP. Read the original post at: http://www.rsa.com/en-us/blog/2018-01/if-you-collect-it-you-must-protect-it.html