Privacy & Security

Objective: Protect sensitive corporate information from inappropriate use or disclosure that includes intellectual property, proprietary information (financial transactions, HR) and includes information subject to privacy requirements such as customer information (PII, PCI), health information (PHI) and employee benefits.

Challenge: More stringent legal requirements, regulatory enforcement and industry standards for protection of personal information of customers and employees (e.g., HIPAA, PCI, PII, Data Protection Directives, GLBA). Excessive collection and proliferations of protected information in business processes and systems that were not designed to address new privacy requirements. Leakage of protected information from official systems to less-secure repositories, such as email and file shares. Insecure handling and disposition of hard copy, removable media, retired PC, laptops, systems and servers. Lack of a corporate information classification standard and guidelines, controls, and processes for enforcement. Local PC/laptop hard drives not encrypted, removable media with minimal or no encryption, mobile devices containing sensitive data

Contoural: Assess current policies and practices for protection of sensitive documents and information. Develop a Record Type Inventory that identifies sensitive information types and specific requirements. Develop a Data Classification Standard for marking documents and information, and educating employees on requirements for compliance. Work with stakeholders to identify administrative, physical and technical controls. Develop procedures/processes to place/keep each class of information in repositories that can provide the required controls and safeguards. Identify taxonomy for search and monitoring of company specific documents and terms for use in Data Loss Prevention tools.

Resources

Seven Essential Storage Strategies

Outlines seven essential strategies for archiving that drive cost savings, risk reduction, and IT transformation. Also covers the reasons why archiving is important, such as data storage efficiency, information transformation, coping with eDiscovery, and regulatory requirements.


2015-11-18 Read the Summary and Request the White Paper

Is It Time to Consider Automated Classification? Part One: A Better Approach is Needed

This white paper covers what auto-classification is and why organizations find it worthwhile to take a fresh look at it.  Also answers the question of why an organizations should classify records, being wary of “fauxpliance,” the impact of poor record compliance on eDiscovery and data privacy, and auto classification accuracy.


Sponsored By:
2018-08-17 Read the Summary and Request the White Paper

Real-World Strategies for Archiving and Decommissioning Legacy Applications

Each year, Enterprises invest millions of dollars in application portfolios needed to run the business.  But as investments in the latest and greatest technology continue to grow, managing legacy systems becomes increasingly complicated and costly for IT, diverting budget from innovation and increasing risk from an ediscovery and compliance perspective. 

 

Developing a strategy for archiving only the data and content that is valuable or regulated and retiring legacy applications will help reduce operational cost, empower critical decision-making, and make your business more agile and efficient. 


Sponsored By:
2017-12-14 Read the Summary and Request the White Paper

 

 

Six Steps for Creating A Super Data Map

ARMA Information Management Magazine
October 1, 2014

Read Article

Building A Case for Information Governance Program

ACC Docket
October 1, 2014

Read Article

ACC Webcast: IG 101 - An Information Governance Class Part 1

Association of Corporate Counsel

January 24, 2019


CCPA 101 Series - CCPA and State Privacy Overview and Updates

CCPA and State Privacy Overview and Updates

February 06, 2019


View All Upcoming Events

 

Creating Modern, Compliant, and Easier-to-Execute Records Retention Schedules In this white paper, Contoural outlines the best practices for creating and maintaining a records retention schedule that is modern, compliant and eas... 2018-01-01
Read the Summary and Request the White Paper

Creating a California Consumer Privacy Act Action Plan Part 1 This white paper is part one of a two-part series, and provides an overview of CCPA requirements,  defines personal information under the new law... 2018-10-01
Read the Summary and Request the White Paper