What CIOs should know about the legality of protecting data - Techaeris | The Marteq Alert | Scoop.it

Here is what you should know about the legality of data protection:

PRIVACY AND SECURITY BY DESIGN IS AN OBLIGATION
Avoid focusing so much on security that you forget about ease of use. If security features make a piece of software, an application, or a program hard to use, users will most likely look for workarounds, making those security features less effective.

DATA PROTECTION SHOULD TAKE A RISK-BASED APPROACH
Not all data is created equal. Some data will be more valuable to threat actors than others, which is why you need to approach data protection with a risk-based mentality. This starts with creating in-depth data inventories to identify the data you store across different platforms, from social media to business databases.

TAKE ACCESS CONTROL SERIOUSLY
Implementing strong access control policies will help you mitigate insider threats. Data access should be based on a zero-trust model, and you should grant access to sensitive data only according to each employee's role.


EMPLOYEE TRAINING IS A NECESSITY
90% of data breaches arise from human error. Your workforce is at the frontline of data privacy and security. If they don't understand the security measures you have in place, they could easily cause data breaches.