CREATE

PRIVACY CONSIDERATIONS FOR CREATING INFORMATION:
 
There must be a clear understanding of what constitutes personal data.

 

Learn more
 
Records and data containing personal data should be tagged on creation or receipt along with their retention rules. With 60% of records being unstructured, meaning those records are not in a formal database or file structure, this becomes increasingly crucial.
 
Learn more
 
Data map should be created to show where data resides and how it is shared or moved between applications or repositories -- both internal and external. This is mandatory for some privacy laws and helps identify sources of breached
data.

 

Learn more
 
For already exisitng legacy records and data that could be on microfiche, tapes, paper as well as on servers or in the cloud, it is important to initiate a project to identify records with personal data.

 

Learn more
‹ BACK

USE

PRIVACY CONSIDERATIONS FOR USING INFORMATION:

 

 
Image paper records to determine if they contain personal data, whether there is potential AI usage, tag them and, if no longer required, destroy them.

 

Learn more
 
Facilitate and enable quick access to records with personal data to comply with privacy law such as the "right to be forgotten".

 

Learn more
 
Transition data off of microfiche, tape or other formats to enable access and compliant management of personal data.

 

Learn more
‹ BACK

STORE

PRIVACY CONSIDERATIONS FOR STORING INFORMATION:

 

 
Ensure personal data is securely stored on-site or off-site.

 

Learn more
‹ BACK

DESTROY

PRIVACY CONSIDERATIONS FOR DISPOSING INFORMATION:
 
Institute a shred-all program to remove subjective decisions about what constitutes a paper records with personal data.

 

Learn more
 
Securely destroy or safely recycle IT hardware, IT media and mobile devices, etc., that may contain both personal data and sensitive company data.

 

 
Learn more
 
Remove redundant, obsolete, trivial/transitory (ROT) records and data from servers and repositories.

 

Learn more
 
Destroy records and data as soon as possible after retention requirements are met. If data is to be used for machine learning then anonymize personal data.

 

Learn more
‹ BACK