Podcast
Questions and Answers
What is the primary step in planning data protection for an organization?
What is the primary step in planning data protection for an organization?
- Undertaking an inventory of personal information (correct)
- Identifying risks that could affect reputation or legal compliance
- Classifying data according to its level of sensitivity
- Instituting controls on access to sensitive data
What type of data records must be included in the inventory?
What type of data records must be included in the inventory?
- Neither customer nor employee data records
- Only customer data records
- Only employee data records
- Both customer and employee data records (correct)
What is the purpose of classifying data according to its level of sensitivity?
What is the purpose of classifying data according to its level of sensitivity?
- To identify the source of the data
- To define the clearance of individuals who can access or handle the data (correct)
- To determine the type of data
- To evaluate how the data is shared
What is the next step after completing an inventory of personal information?
What is the next step after completing an inventory of personal information?
What is the purpose of segregating highly sensitive data from less sensitive data?
What is the purpose of segregating highly sensitive data from less sensitive data?
How often should the inventory of personal information be reviewed and updated?
How often should the inventory of personal information be reviewed and updated?
Study Notes
Data Inventory and Classification
- An organization must undertake an inventory of all personal information it collects, stores, uses, or discloses, including customer and employee data records.
- The inventory should identify the types, sources, and uses of personal information (PI).
- Data location and flow must be documented, including how, when, and with whom information is shared.
- Risks that could affect reputation or legal compliance must be identified.
Classifying Information
- Data should be classified according to its level of sensitivity after completing an inventory.
- The classification level defines the clearance of individuals who can access or handle data and the baseline level of protection required.
- Steps for classifying information include:
- Completing an inventory of personal information
- Classifying data based on level of sensitivity
- Segregating highly sensitive data from less sensitive data
- Instituting controls on access
- Classification levels include:
- Confidential
- Proprietary
- Sensitive
- Restricted
- Public
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Description
Learn about the importance of identifying and documenting personal information within an organization, including customer and employee data records, data location, and flow.