Personal Information Security (PIS)
- Create a visibility over personal information — how an organization receives or has exposure to personal information, what is the environment in which the data resides, what are the underlying components that could impact data security, what operations are done on the data and type of accesses are provided on the data — to provide an insight into the current levels of protection and identify the issues
- Devise a plan for implementing the security safeguards for data protection. The plan should encompass the strategic measures, tactical mechanisms, operational preparedness, physical and environment measures including the third party security measures
- Ensure that privacy is integrated with the organization’s IT and Security initiatives. The principles such as ‘Privacy by Design’, ‘Privacy Enabled Technology’ can be explored to integrate privacy in the IT and Security initiatives
- Identify the specific technology options that are designed for privacy, and prepare a plan to acquire such technologies. Some of the technologies are – data minimization, data scrambling, data encryption, etc.
- Use the security framework for ensuring security of data. Make the security organization vibrant, relate its initiatives to the recent trends and approaches and align its efforts to address the real threats to data
DSCI Privacy Framework