Information Security: Protecting data from unauthorized access, modification, use or deletion. For example, secure authentication, authorization and encryption of data in storage and transit.
technical owner of a collection of data responsible for its administration.
business owner of a collection of data responsible for its management.
Data Controller: The owner of compliance for a collection of data. Controls access to the data, such as an internal request to take a copy of a database.
Segregation of duties as a measure of risk reduction and compliance. For example, the people who approve a request to access a system are different from those who administer the request. This prevents situations where a single person can be tricked into giving out data.
Backup: Backing up data in multiple locations and procedures to restore it.
Data Retention: Policies for data retention and deletion. For example, deleting personal data when you no longer have a legitimate use for it.
Deletion & Disposal: Implementing data deletion and proper disposal of data storage devices.
Compliance: Processes and procedures that are implemented to comply with regulations.
information security incidents and addressing root cause with processes of incident management and problem management.
Notifications: Notification of incidents such as data breaches to business units, executives, government, customers and data subjects as appropriate.
data in the event of a major disruption such as a disaster.
Overview: Data Control
The process of governing and managing data.