Data Protection Principles

Financial companies need to collect and share sensitive information to run their everyday business. Members of SIFMA’s Data Protection Working Group have developed a set of principles for the protection of sensitive data that align to the NIST Cybersecurity Framework.

  • Data collection: Limit the collection of sensitive data to that which is directly relevant and necessary to accomplish a specified purpose
  • Data usage: Preventative and detective controls to limiting access to sensitive data to authorized users
  • Data sharing: Policies to protect information when it needs to be shared with external entities
  • Data Disposal: Securely eradicate, dispose, or destroy sensitive data when appropriate
  • Overarching Data Protection Program Best Practices: Controls and policies to maintain a robust information security environment

Please contact either Charles DeSimone or Tom Price if you have any questions