Company policies on protecting personal data

Tags: Application security, Biometrics, Compliance, CRM, Database, Digital certificates, Disaster Recovery, Encryption, Identity & Access Management, Instant Messaging, Laws, Microsoft Exchange, Policies, provisioning, Regulations, Risk management, Secure Coding, Security, Security Program Management, Security tokens, Single sign-on, standards

I'd like to know what policies other companies have in place to protect personal data of employees, customers, etc. (data such as Social Security numbers, credit card numbers and the like). For example, is encryption required for transfer outside the company? How about inside the company? Is it required in transmission? Is it required in storage? Both? How about inside the company? How about within a database? How about backup tapes sent off-site? Do you require stronger access controls for those who use this type of data in their everyday job? We're considering stronger policies/standards in this area and I'd like some benchmark information about what other companies are doing. I'm from a large manufacturing company, so any feedback from someone in a similar area would be even more valuable. Thank you in advance.
ASKED: November 6, 2005  11:04 PM
UPDATED: November 7, 2005  7:48 AM

Answer Wiki


2 options really…

1. everything in house behind firewall non-encrypted while any laptop or remote connections via VPN to be encrypted...

2. encrypt everything

the one thing that holds people back from total encryption is the time it takes to decrypt info in order to view/manipulate.

the easiest method to employ is to set rules in email client to encrypt all messages... also to protect file sharing on mobile units... encrypt VPN connections... routinely change passwords...

Discuss This Question: 1  Reply

 
  • Whitecap
    I agree with the previous respondent. However, your starting point should be access control. Only those people that need to see the sensitive information should have access to it. Company policy should then define how the sensitive information is to be handled. In all cases where such information is transmitted over an untrusted network, it should be encrypted. If sensitive information is physically sent outside of your security perimeter, e.g. on laptops, PDAs or backup tapes, then encryption should also be implemented.