There are two significant trends occurring right now that shouldn’t be a surprise to anyone reading this post. First, businesses are gathering and leveraging more and more data to improve their core services. Second, more compliance and regulatory standards are popping up from governments and private organizations. As these businesses realize that collecting and utilizing data improves efficiencies, sales or other goals, regulators are waiting in the wings to scrutinize how the data is being used.

This is for the best, of course. Businesses need to be able to access and use data quickly to maintain profitability and effectiveness, but they also need to ensure they are securing the data to protect the privacy interests of everyone involved. An organization’s productivity is essentially rendered meaningless if it begins incurring fines from violations of GDPR, HIPAA, PCI or any of the numerous and growing state regulations on personal data.

Good data governance requires businesses to keep productivity high while also securing the privacy and integrity of the data. In this article, I offer advice on how to properly handle sensitive data in the 2020 landscape.

Defining Sensitive Data

There is no way to accomplish your goals unless you first create the framework for defining them. Many organizations get enthusiastic about upgrading their technology or creating new ways to work, but they don’t consider the structure around this until later. If you want to get better outcomes and avoid liability, policy should really come first.

The first step is to define what you deem to be sensitive information. It can be hard to list every piece of data that could be considered sensitive, so you need to keep this broad.

One approach is to list things you know are sensitive, such as user lists, passwords and system information. You can