More lessons from Sony

What happens when you keep too much sensitive information longer than you really need it?

“Sony Cyberattack Hits Hollywood Stars, Too,” Wall Street Journal, December 5, 2014, B1. The recent hack exposed multiple copies of Social Security numbers, some belonging to former employees.

Leaving aside how long you really need to keep that information, how many copies do you really need, and do you adequately secure all those copies? Maybe Europe’s approach isn’t that bad.

