Limiting data collection is the most important way that an organization can protect personal privacy. If an organization does not collect personal information in the first place, it can’t abuse, lose, or otherwise mistreat that information. In this video, learn about the ways that organizations can limit the data they collect.
- [Narrator] Limiting data collection is the most important way that an organization can protect personal privacy. If the organization doesn't collect personal information in the first place, it can't abuse, lose, or otherwise mistreat that information. As I discussed in the last video, the generally accepted privacy principles require that organizations provide individuals with notice of the information that they collect, the ways that they will use it, and that they obtain the consent of individuals for that use.
This is just the first barrier to data collection. Organizations should never collect information that falls outside of the disclosures that they've made to individuals, even if it's easy to do so or seems to be incidental to the approved purpose. If you do have a legitimate need to collect more information than you've disclosed, you should revise your disclosures, notifying individuals of the new information that you're collecting and how you will use it.
Obtain new consent prior to collecting new information.
CISSP is the industry's gold standard certification, necessary for many mid- and senior-level information security positions. Learn about best practices needed to complete the second domain of the 2018 Certified Information Systems Security Professional (CISSP) exam: Asset Security. Instructor Mike Chapple explains the importance of data governance policies and roles, and how you can develop security baselines that leverage industry standards. Learn how to avoid liability by limiting data collection, and control your exposure with file encryption, system-level file permissions, and cloud storage security options. Plus, find out how to properly retain and dispose of sensitive information.
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- Understanding data security policies and roles
- Limiting data collection
- Developing security baselines
- Leveraging industry standards
- Restricting access to data with Windows and Linux file permissions
- Encrypting data
- Securing cloud storage