An organization that handles confidential customer or employee data must protect every stage of the confidential data life cycle. Data theft can happen at any stage of the life cycle. The data life cycle stages are as follows:
- Data gathering
- Data transmission
- Data storage
- Data purge
1. Data gathering:
If your organization gathers data through physical forms and asks customers to submit data via fax or snail mail, secure the following:
- Fax machine: Secure, if it is used to gather customer data
- Mail sorting facility: Secure, if customers are sending you information by mail
- Mail delivery: Secure mail delivery to confidential information handling departments.
If your organization is using digital media to gather customer information, you need to secure the following:
- Your website or your partner's website: They must handle data transmission over SSL.
- Data transmission channels: All data transmission channels must be secured.
2. Data transmission:
If your organization shares confidential customer information through printed papers, you must secure all paper handling channels and people.
If your organization uses digital data transmission, you must secure all wires, source computers, target computers, and the transmission medium to protect the information.
3. Data storage:
All physical and digital data storage facilities, machines, and cabinets must be secured. All personnel handling such information must be trained in confidential data handling. If you use a third-party vendor or software, it must be verified for data security.
4. Data purging/retirement:
Hard drives that had customer confidential data must be dismantled or formatted. All discarded papers with confidential information must be burnt or shredded. Ensure that your cloud services provider that handles your customer data does not recycle its hard drives without formatting them.