Let Your Data Spark Joy

Author: 姗姗爸爸, Managing Director, State Street Alpha Technology Risk Management
Date published: July 12

One day I was having a conversation with my friend Takaya regarding holiday plans during the global pandemic. I figured since there’s nowhere to go, I might just try Marie Kondo’s life-changing magic of tidying up. Plus, the person I was speaking with is also a privacy fanatic like me, so the topic quickly evolved from tidying homes to tidying data.

The truth is the life-changing magic of tidying up does apply to privacy. Without stealing the fun of reading the book itself, here is why:

The goal of the declutter concept is to get rid of things you don’t need so that you can have more control. By 2025, it is estimated that 463 exabytes of data will be created each day globally, and 188 million emails are sent every minute. In addition to generating more data, organizations also collect and process a massive amount of it each day, and, of course, personal data is an important part of that. Do we really need to collect all the data, to begin with? Personal data that’s unnecessarily collected ends up in our storage and takes up space, which costs a lot of money to maintain and protect. From a security perspective, we’re increasing our attack surface. Therefore, let’s limit our risk exposure by collecting only the minimum necessary personal data.

“Tidy by category … and you’re on the path to success”
You can’t protect what you don’t know about. It’s good to inventory the massive data that you already have on hand and, as Marie suggests with her method, to work by category. Combat unstructured data with data classification. With a clear classification system in place, organizations can further assign the level of protection per category. Data classification also comes in handy when practicing the zero-trust concept these days, whether it’s on-premise or in the cloud (increasingly popular during the pandemic). Regardless of whether this move happens in phases or drag-and-drop, the protection for each classification goes with the data.

“The key is to pick up each object one at a time, and ask yourself quietly, does this spark joy? Joy is personal, so everyone will experience it differently…”
This is analogous to how there isn’t an international standard on data retention. Each country or even each industry has its own requirement on how long a certain type of data should be kept. While the IRS in the US requires keeping tax data for three years after filing, the EU GDPR, on the other hand, does not specify a retention period. Instead, under Article 5, it states that “for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.”

“Cherish the items that bring you joy and let go of the rest with gratitude.”
Before data is collected, there is a purpose for it, and the rest of the lifecycle of that personal data is served around that initial purpose. Once that purpose no longer exists, it’s time to discard the data.

“Tidying is a marathon, not a sprint”
Privacy is not a one-time sprint for organizations just to check off the compliance box or to get certified. It’s a long-term practice that should be incorporated throughout daily operations to enable an organization to be steady and successful. Also, like the KonMari Method, it “places great importance on being mindful, introspective and forward-looking.”

Good luck with your data tidying and let your data spark joy going forward!

About the author: 姗姗爸爸 is an experienced compliance officer with a demonstrated history of working in various industries and skilled in Data Privacy, Security, Risk Management, Internal Audit and Business Process Improvement.