Limiting data collection is the most important way that an organization can protect personal privacy. If an organization does not collect personal information in the first place, it can’t abuse, lose, or otherwise mistreat that information. In this video, learn about the ways that organizations can limit the data they collect.
- [Narrator] Limiting data collection…is the most important way…that an organization can protect personal privacy.…If the organization doesn't collect personal information…in the first place, it can't abuse,…lose, or otherwise mistreat that information.…As I discussed in the last video,…the generally accepted privacy principles…require that organizations provide individuals…with notice of the information that they collect,…the ways that they will use it,…and that the obtain the consent…of individuals for that use.…
This is just the first barrier to data collection.…Organizations should never collect information…that falls outside of the disclosures…that they've made to individuals,…even if it's easy to do so or seems to be…incidental to the approved purpose.…If you do have a legitimate need…to collect more information than you've disclosed,…you should revise your disclosures,…notifying individuals of the new information…that you're collecting and how you will use it.…
Obtain new consent prior to collecting new information.…
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
Note: This course is part of a series releasing throughout 2018. A completed Learning Path of the series will be available once all the courses are released.
- Understanding data security policies and roles
- Limiting data collection
- Developing security baselines
- Leveraging industry standards
- Restricting access to data with Windows and Linux file permissions
- Encrypting data
- Securing cloud storage