SUMMARY OF DISCUSSION
What is the discussion about (overview of group discussion)?
Value of data vs risk of data breach
What are the critical areas discussed and why it was imperative to the group?
Critical discussions – key to establish governance and rules, as well as establish data owners who make decisions
What are three to four takeaways from the discussion?
- Data is good for business
- Balance risk of exposure vs potential business value of data
- Must have valid business justification for data use and access
- Best to aggregate and anonymize data to minimize risk
Do you have any recommendations to share?
Recommendations included – orgs to appoint a Data Privacy Officer who will dictate retention rules, access rules, etc. Act as a liaison between security, business, and legal.