search the site
did you know?
- TSS can discuss security precautions and explain how to implement security policies within your department.
Find out more >> - Handling restricted data? We can assist your dept. with securing restricted data and offer strong security recommendations for free.
Request assistance >>
Overview
In order to protect sensitive data, you need to examine your existing business processes. Review your existing business processes which request or process sensitive data in order to assess the state of data security.
Checklist
Look at your existing business processes which request or process sensitive data and answer the following questions:
- Based on the Data Classification Table, is my department collecting "Restricted Data"?
(For more information on the different categories of sensitive data, review the ITS Data Classifcation Table here) - How is the data being used?
- Is it necessary to performing a business function?
- Who within my group needs access to these data?
- How long do we need to keep these data?
Make a plan for restricting collection and storage to meet the "minimum necessary" standard for access to sensitive data. In other words: 1) One only collects the minimum that is required for a business process 2) Access to that data is only granted to the smallest number of employees required 3) The data is kept for the shortest period of time possible before it is properly disposed of.
Once you have completed this process, begin reviewing where data is stored and collected.
Step 2 - Reviewing Data Storage & Collection >>>
Page last reviewed: Aug 14th, 2009