Objective: Protect sensitive corporate information from inappropriate use or disclosure, including intellectual property, proprietary information (financial transactions, HR), and information subject to privacy requirements such as customer information (PII, PCI), health information (PHI) and employee benefits.
Challenge: More stringent legal requirements, regulatory enforcement and industry standards for protection of personal information of customers and employees (e.g., HIPAA, PCI, PII, Data Protection Directives, GLBA). Excessive collection and proliferation of protected information in business processes and systems that were not designed to address new privacy requirements. Leakage of protected information from official systems to less-secure repositories, such as email and file shares. Insecure handling and disposition of hard copy, removable media, retired PCs, laptops, systems and servers. Lack of a corporate information classification standard and of guidelines, controls, and processes for enforcement. Local PC/laptop hard drives not encrypted, removable media with minimal or no encryption, and mobile devices containing sensitive data.
Contoural: Assess current policies and practices for protection of sensitive documents and information. Develop a Record Type Inventory that identifies sensitive information types and specific requirements. Develop a Data Classification Standard for marking documents and information, and educate employees on requirements for compliance. Work with stakeholders to identify administrative, physical and technical controls. Develop procedures and processes to place and keep each class of information in repositories that can provide the required controls and safeguards. Identify a taxonomy for search and monitoring of company-specific documents and terms for use in Data Loss Prevention tools.