If you don’t know who owns a piece of data, how can you go through a formal access approval process? You can’t, at least not as effectively. Similarly, you can’t properly account for assets if you don’t know which department owns them, or assign the right type of laptop for high-risk travel if you don’t have the assets classified.
Data owners are responsible for classifying the data they own. In larger companies, an asset management department handles asset classification. A custodian is a hands-on role that implements and operates solutions for data (e.g., backups and restores). A system owner is responsible for the computer environment (hardware, software) that houses data; this is typically a management role with operational tasks handed off to the custodian.
All workers need to be aware of the company’s privacy policies and procedures and know how to contact data owners in the event of an issue. Key terms to understand include the following:
- Data owners. Data owners are usually members of the management or senior management team. They approve access to data (usually by approving the data access policies that are used day to day).
- Data processors. Data processors are the users who read and edit the data regularly. Users must clearly understand their responsibilities with data based on its classification. Can they share it? What happens if they accidentally lose it or destroy it?
- Data remanence. Data remanence occurs when data is deleted but remains recoverable. Whenever you delete a file, the operating system marks the space the file took up as available. But the data is still there, and with freely downloadable tools, you can easily extract that data. Organizations need to account for data remanence to ensure they are protecting their data. There are a few options:
  - Secure deletion or overwriting of data. You can use a tool to overwrite the space that a file was using with random 1s and 0s, either in one pass or in multiple passes. The more passes you use, the less likely it is that the data can be recovered.
  - Destroying the media. You can shred disk drives, smash them into tiny pieces, or use other means to physically destroy them. This is effective but renders the media unusable thereafter.
  - Degaussing. Degaussing relies on the removal or reduction of magnetic fields on the disk drives. It is very effective and complies with many government requirements for data remanence.
- Collection limitation. Security often focuses on protecting the data you already have. But part of data protection is limiting how much data your organization collects. For example, if you collect users’ birthdates or identification card numbers, you then must protect that data. If your organization doesn’t need the data, it shouldn’t collect it. Many countries are enacting laws and regulations to limit the collection of data. But many organizations are unaware and continue to collect vast amounts of sensitive data. You should have a privacy policy that specifies what information is collected, how it is used and other pertinent details.
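
The overwrite option listed under data remanence above, as an added example that is not part of the original article: the file's contents are overwritten in place with random bytes for a chosen number of passes, and only then is the file removed. The function names and the sample record are constructed for illustration. An in-place overwrite reaches only the blocks the file currently occupies, so on SSDs and on journaling, snapshotting or copy-on-write file systems older copies can remain, which is where destroying the media applies.

```python
import os
import secrets
import tempfile

CHUNK = 1 << 20  # write in 1 MiB pieces so large files do not sit in memory


def overwrite_file(path, passes=3):
    """Overwrite a file in place with random bytes; returns bytes written per pass."""
    if passes < 1:
        raise ValueError("passes must be at least 1")
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:      # r+b keeps the same file and does not truncate
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                fh.write(secrets.token_bytes(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())      # push this pass to the device before the next
    return size


def secure_delete(path, passes=3):
    """Overwrite first, then remove the directory entry."""
    overwrite_file(path, passes)
    os.remove(path)


def demo():
    """Constructed sample: (marker before, marker after overwrite, file exists after delete)."""
    marker = b"CONSTRUCTED-SAMPLE-RECORD"
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(marker * 500)
    with open(path, "rb") as fh:
        before = marker in fh.read()
    overwrite_file(path, passes=2)
    with open(path, "rb") as fh:
        after = marker in fh.read()
    secure_delete(path, passes=1)
    return before, after, os.path.exists(path)


if __name__ == "__main__":
    print(demo())
```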