Data Protection Principles
Financial companies need to collect and share sensitive information to run their everyday business. Members of SIFMA’s Data Protection Working Group have developed a set of principles for the protection of sensitive data that align to the NIST Cybersecurity Framework.
- Data collection: Limit the collection of sensitive data to that which is directly relevant and necessary to accomplish a specified purpose
- Data usage: Preventative and detective controls to limit access to sensitive data to authorized users
- Data sharing: Policies to protect information when it needs to be shared with external entities
- Data disposal: Securely eradicate, dispose of, or destroy sensitive data when appropriate
- Overarching Data Protection Program Best Practices: Controls and policies to maintain a robust information security environment
Please contact either Charles DeSimone or Tom Price if you have any questions.