CompTIA Security+ Exam Notes

CompTIA Security+ Exam Notes
Let Us Help You Pass
Showing posts with label PII. Show all posts
Showing posts with label PII. Show all posts

Thursday, October 10, 2024

Sensitive Data

 Sensitive Data

Sensitive data is information that could be harmful or cause adverse consequences if it's disclosed, misused, or accessed without authorization. It's a higher tier of information than personal data and requires more excellent protection.

Here are some examples of sensitive data:

Personal data: Names, email addresses, phone numbers, birth dates, government-issued identification, and digital identifiers

Financial information: Bank account numbers, debit or credit card details, transaction data, and other financial statements

Business-related data: Trade secrets; planning, financial, and accounting information

Governmental data: Restricted, confidential, secret, or top-secret information

Health-related data: Medical history and other health-related information

Other data: Genetic data, biometric data, data concerning a person's sex life or sexual orientation, and trade union membership

Mishandling sensitive data can put organizations at risk of legal liability claims, operational slowdowns, and lost competitive advantage.

Posted by at No comments:
Labels: , , ,

Wednesday, October 9, 2024

Data Retention Policy

 Data Retention Policy

A data retention policy is a set of guidelines that an organization uses to manage how it stores and disposes of data. It helps organizations comply with regulations and meet business needs while reducing the risk of storing data longer than necessary.

A data retention policy should include:

Data types: What types of data to keep, such as financial, legal, health, or personal data

Retention periods: How long to keep each type of data, based on business needs and regulations

Storage location: Where to store the data, such as on-premises, in the cloud, or in a hybrid storage environment

Access controls: Who can access the data, how they can access it, and when access is granted

Data destruction: How to destroy the data when its retention period ends

Backup storage procedures: How to recover data in the event of loss

A data retention policy is part of an organization's overall data management plan. It's based on the rules of the regulatory body that governs the organization's industry.

Posted by at No comments:
Labels: , , , , , , ,
Subscribe to: Posts (Atom)