Wondering whether you hold any sensitive data? What is sensitive data? Where you can find it? & How you can secure it?
In a nutshell, sensitive data is any data a business considers to be confidential, and that which is bound by regulatory compliance initiatives such as the GDPR.
To break it down, it can be split into 3 sections:
- Personally Identifiable Information (PII)
- Business Information
- Classified Information
This includes, but isn’t limited to, information relating to race or ethnic origin, political opinions, religious beliefs, trade union activities, physical and mental health, sexual life, criminal activity, financial information, health care records, employment records, education records, trade secrets, sales and marketing plans, new product launches, patentable inventions, customer & supplier information, financial data, special security classification data and anything that poses a threat to national security.
Businesses, individuals and the government have a day-to-day responsibility to protect sensitive data; they have had this responsibility for 20 years with the Data Protection Act. Now it’s become more important and necessary with the introduction of the GDPR, which comes into force on May 25th 2018. Non-compliance can lead to significant reputational damage as well as heavy fines.
As a business you need to determine How sensitive the data you have is? Who has access to it? Can you see who has access to it? & most importantly Is it secure?
Start by searching through all your company data and classifying it by putting it into sections relevant to the above categories, set tags on the data to indicate what sensitive information it contains and who can & should have access to it. Set access permissions on that data to ensure its secure and finally set alerts to notify you if there is any unauthorised access or threats to your data.
To get you started, take a look at this 12 Step Guide the Information Commissioner’s Office (ICO) have produced – its a great start to getting organised and may stop you getting a heavy fine or having your data compromised.