Data Protection Principles

Financial companies need to collect and share sensitive information to run their everyday business. Members of SIFMA’s Data Protection Working Group have developed a set of principles for the protection of sensitive data that align to the NIST Cybersecurity Framework.

• Data collection: Limit the collection of sensitive data to that which is directly relevant and necessary to accomplish a specified purpose
• Data usage: Preventative and detective controls to limiting access to sensitive data to authorized users
• Data sharing: Policies to protect information when it needs to be shared with external entities
• Data Disposal: Securely eradicate, dispose, or destroy sensitive data when appropriate
• Overarching Data Protection Program Best Practices: Controls and policies to maintain a robust information security environment

Please contact either Charles DeSimone or Tom Price if you have any questions