Notes (alphabetical)
Search to quickly find notes, articles, guides, and resources across the site.
Search to quickly find notes, articles, guides, and resources across the site.
A data breach can be defined generally as when sensitive or confidential information is accessed or disclosed without authorisation. The UK Information Commissioner defines a personal data breach as: .. a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. UK Information Commissioner’s Office
Data classification is the process of organising data into categories based on sensitivity and criticality to the organization. This process is crucial for effective risk management, as it enables organisations to identify and prioritise the protection of their most valuable and sensitive information assets. By understanding the different levels of risk associated between data types, organisations can implement security controls and procedures to mitigate threats, comply with regulatory requirements, and minimise the impact of data breaches. ...
As organisations increasingly operate in digital environments, they are creating and handling ever-increasing volumes of sensitive data, including customer information, employee records and confidential business data. This will also include personal data, a special category that carries additional legal protections and obligations. A robust data classification and labelling process is therefore essential for managing information security and meeting these legal and regulatory obligations. What is Data Classification? Data classification involves categorising data based on its sensitivity and potential impact if compromised. Examples include: ...
Data loss prevention (DLP) helps organisations protect sensitive information from loss, misuse, or unauthorised access. DLP is a strategy and set of tools designed to prevent sensitive information from leaving an organisation’s control or being accessed by unauthorised users. It works by identifying, monitoring, and protecting data in three states: when it’s being used, when it’s being transferred (such as over a network or email), and when it’s stored on devices or servers. DLP tools use content inspection and security analysis to achieve this. ...
What is data privacy? Data privacy refers to the proper handling, processing, storage, and use of personal information to protect the confidentiality and integrity of individual’s data. It ensures that personal information is not only secured, but also remains accurate, and is only used for its intended use. Data privacy encompasses the policies, procedures and practices that organisations adopt to ensure personal data is collected, used, and shared in a lawful and transparent manner. These practices must comply with legal obligations such as GDPR and other application data protection laws, and must extend beyond the organisation itself to include third-party vendors such as data processors who may also be handling the data. ...