http://itknowledgeexchange.techtarget.com/itanswers/company-policies-on-protecting-personal-data/ Tue, 21 May 2013 20:11:10 +0000 hourly 1 http://itknowledgeexchange.techtarget.com/itanswers/company-policies-on-protecting-personal-data/#comment-41628 whitecap Mon, 07 Nov 2005 07:48:22 +0000 #comment-41628 I agree with the previous respondent. However, your starting point should be access control. Only those people that need to see the sensitive information should have access to it. Company policy should then define how the sensitive information is to be handled. In all cases where such information is transmitted over an untrusted network it should be encrypted. If sensitive information is physically sent outside of your security perimeter, eg on laptops, PDAs or backup tapes then encryption should also be implemented.

]]>