Privacy and Data Classification
Where, why, who and what? Four universal questions that can be applied to any situation. However, these are questions you need to answer when it comes to your Data and the Data you hold on behalf of other people. If you don't know what Data you have and where it is you can't protect it. Once you know what you have and where it is you can then ask why.
- Why do I hold this Data?
- Do I need it?
- Am I meant to be holding this Data?
- What are the regulations and compliance frameworks I should be considering?
Our specialists can help you on this journey to answer all of these questions. Once you have the answers you can then start to move on in your Data management maturity.
Data Classification is always difficult as different things have different impacts depending on the context in which they are related. Developing a Classification policy can enable your employees to:
- Understand what Data they can use
- How they can apply it, and more importantly;
- How to classify it appropriately
Privacy by Design
When working on a Data based programme, the ultimate aim is to protect it. The protection applied should be to the appropriate level given the potential impact of it being inappropriately released. The impact could be to your business, or the people who the data belongs to. Our specialists will work with you to develop a programme that builds privacy by design into everything you do, whether it is through database encryption and management, through to appropriately destroying data when it is no longer needed or it has been requested that it is removed from your systems or business. As with security by design Privacy by design must meet the organisation's CIA stance and be focussed on people, policies, processes and technology.
Data Privacy is about:
- Enabling access to the Data by the right people
- Maintaining the integrity
- Enabling the ability to completely delete the information if requested to
- Understanding exactly what Data is held and where it is held
- Enabling audits to be carried out easily and efficiently.
As your business grows and changes, systems become obsolete or better ways of working become possible. We have seen this with the drive of cloud based services such as infrastructure as a service, platform as a service and software as a service. Inevitably moving from one infrastructure to another regardless of whether it is cloud based or on premise will have an amount of Data transfer or migration to be considered. Security considerations our team will look at when supporting your migration activities could include:
- What is the Data being migrated?
- Is it encrypted? Should it be?
- What systems is the Data being moved onto?
- What are the Data Privacy and security controls in place in the new environment?
- Does it meet your organisation's policy and security expectations?
- What gaps are there against your policies and what needs to be done to bridge those gaps?
- Remediation planning and implementation.